If an email is found in the database, you get "password reset sent". If not, you get an error alert saying the email doesn't exist.
A malicious user may use this as an interface to determine which emails are registered.
Suggestions:
The server response should always be the same, an .alert-info saying "If this email address is found in our records, we will send a password reset request".
If you hit the /reset route over a certain threshold, you should be blocked from using the form.
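One way to implement both suggestions together, as an added example that is not the project's own code. The names `createResetHandler`, `users`, `sendResetMail` and `clientKey`, the 5-requests-per-15-minutes threshold and the 429 response are assumptions made for illustration.

```javascript
// Added example (hypothetical names): identical /reset response for known and
// unknown emails, plus a per-client threshold that ignores whether the email exists.
const GENERIC = Object.freeze({
  status: 200,
  alert: 'alert-info',
  message: 'If this email address is found in our records, we will send a password reset request',
});
const WINDOW_MS = 15 * 60 * 1000; // assumed window
const MAX_ATTEMPTS = 5;           // assumed threshold per client per window

function createResetHandler({ users, sendResetMail, now = Date.now }) {
  const hits = new Map(); // clientKey -> timestamps of recent requests

  return function handleReset(clientKey, email) {
    const t = now();
    const recent = (hits.get(clientKey) || []).filter((ts) => t - ts < WINDOW_MS);

    // Count every request, hit or miss, so the block itself leaks nothing
    // about which addresses are registered.
    if (recent.length >= MAX_ATTEMPTS) {
      hits.set(clientKey, recent);
      return { status: 429, alert: 'alert-danger', message: 'Too many requests. Try again later.' };
    }
    recent.push(t);
    hits.set(clientKey, recent);

    const normalized = String(email).trim().toLowerCase();
    if (users.has(normalized)) {
      // Side effect only. In production, hand this to a queue so the response
      // time does not differ between registered and unregistered addresses.
      sendResetMail(normalized);
    }
    return { ...GENERIC }; // same body in both branches
  };
}

// Constructed sample data: one registered user, an in-memory outbox.
const outbox = [];
const handleReset = createResetHandler({
  users: new Set(['alice@example.test']),
  sendResetMail: (to) => outbox.push(to),
});
console.log(handleReset('203.0.113.7', 'alice@example.test'));
console.log(handleReset('203.0.113.7', 'nobody@example.test'));
console.log('mails queued:', outbox.length);
```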