requesting a mail for forgotten password reveals security issue #11

Open
gfauredumont opened this issue Jun 27, 2016 · 1 comment

@gfauredumont
Owner

When trying to recover a forgotten password for a NON-existing email, the app replies by saying "Email not found".
This is a security issue.

@gfauredumont
Owner Author

The app should reply: "if this email is associated with an account, an email was sent to renew your password."
(or something similar)
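
One way to implement the reply suggested above, as an added example that is not this project's code: the handler returns an identical status and body whether or not the address is registered, so the response cannot be used to tell which emails have accounts. The user store, outbox and function name are hypothetical, and the sample account is constructed.

```python
import hashlib
import secrets

# Constructed sample data: a hypothetical user store and outbound mail queue.
USERS = {"alice@example.com": {"reset_token_hash": None}}
OUTBOX = []

# Wording taken from the suggestion in this issue.
GENERIC_REPLY = ("If this email is associated with an account, "
                 "an email was sent to renew your password.")


def request_password_reset(email):
    """Return the same (status, body) for known and unknown addresses."""
    key = email.strip().lower()
    user = USERS.get(key)
    if user is not None:
        token = secrets.token_urlsafe(32)
        # Store only a hash so a leaked database does not expose live tokens.
        user["reset_token_hash"] = hashlib.sha256(token.encode()).hexdigest()
        # Queue the mail for out-of-band delivery instead of sending inline,
        # so a slow mail server does not make the "found" case visibly slower.
        OUTBOX.append((key, token))
    # No branch above changes the status code or the body.
    return 200, GENERIC_REPLY


if __name__ == "__main__":
    print(request_password_reset("alice@example.com"))
    print(request_password_reset("nobody@example.com"))
    print("mails queued:", len(OUTBOX))
```

The same rule applies to every other observable part of the response (status code, redirects, headers), not only the message text.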
