Reset password : if the unregistered email address entered then also giving success message. #cf #uaa


shilpa kulkarni
 

Hi,
 
If I pass email id (which is not registered) for reset password link then it should give error message but it is giving success message only. I am not getting where to change that code.
Can anyone please provide solution for this?
 
Thanks & Regards
Shilpa


Jonathan Matthews <contact+cfdev@...>
 

Hey Shilpa,

I wouldn’t be surprised to find this is intentional. 

If this didn’t happen, then it would be possible for an attacker to try submitting many addresses, and then receive confirmation of which of them were related to accounts on the service/system.

I also wouldn’t be surprised to find that the service had an option to disable this behaviour in trusted environments, but I’ve no insight into that - I’m just mentioning that it’s /possible/ :-)

HTH,
J

On Sun, 14 Jun 2020 at 16:59, shilpa kulkarni <shilpakulkarni91@...> wrote:
Hi,
 
If I pass email id (which is not registered) for reset password link then it should give error message but it is giving success message only. I am not getting where to change that code.
Can anyone please provide solution for this?
 
Thanks & Regards
Shilpa

--
Jonathan Matthews
London, UK
https://jpluscplusm.com
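
The enumeration concern raised in the reply above, as an added example that is not part of the thread and not UAA's own code: a reset handler that errors on unknown addresses beside one that answers identically either way, with a check that compares the two replies. `ResetService`, its method names and the sample addresses are hypothetical.

```python
import hashlib
import secrets

# Constructed sample account store; the addresses are placeholders.
REGISTERED = {"alice@example.com"}
GENERIC_BODY = "If an account exists for that address, a reset link has been sent."


class ResetService:
    def __init__(self, accounts):
        self.accounts = {a.lower() for a in accounts}
        self.outbox = []  # (address, token) pairs a mailer would deliver
        self.tokens = {}  # sha256(token) -> address; raw tokens are not stored

    def _issue(self, email):
        token = secrets.token_urlsafe(32)
        self.tokens[hashlib.sha256(token.encode()).hexdigest()] = email
        self.outbox.append((email, token))

    def request_reset_leaky(self, email):
        """Behaviour asked for in the thread: error on unknown addresses."""
        email = email.strip().lower()
        if email not in self.accounts:
            return 404, "No account with that email address."
        self._issue(email)
        return 200, "Reset link sent."

    def request_reset_uniform(self, email):
        """Same status and body either way; only the side effect differs."""
        email = email.strip().lower()
        if email in self.accounts:
            self._issue(email)
        return 200, GENERIC_BODY


def responses_distinguishable(handler, known, unknown):
    """Regression check: True if the visible reply reveals registration."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    svc = ResetService(REGISTERED)
    pair = ("alice@example.com", "nobody@example.com")
    print("leaky:", responses_distinguishable(svc.request_reset_leaky, *pair))
    print("uniform:", responses_distinguishable(svc.request_reset_uniform, *pair))
```

Identical bodies are not sufficient if the registered path is visibly slower, so mail delivery is usually queued outside the request.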