Describe the bug
Even when I don't have an account on the CARE system, it shows me "password reset link sent successfully" when I use forgot password on the login page and then enter a random username as input.
To Reproduce
Steps to reproduce the behavior:
1. Go to the "Authorized Login" page (login page)
2. Click on "forgot password"
3. Enter an invalid/random username to send an email to the email address associated with that user.
4. It shows the success status "Password reset email sent"
Expected behavior
Expected status should be "Invalid user" OR "User not available in database"
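Screenshots
![main](https://user-images.githubusercontent.com/66988372/172712930-d4200e64-79e7-47d6-9d0b-4686c0cbc701.jpg)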
Desktop (please complete the following information):
OS: Windows 11
Browser: Brave
Version: latest
Additional context
It looks like this is a frontend issue. I don't have any registered account on the CARE system, so it is not possible that my user is already available in the database. Hence it is not possible to send me a password reset link, and it did not. So, it looks like it received a "success" status on the frontend and showed me "password reset email sent".
@JAIMIN-CHOKHAWALA I think the current way is a good way from a security perspective... This way, we can ensure that no one can apply brute-force techniques to find existing users and send spam or apply other attacks, yes... but I agree that the message should be changed to "Password reset email will be sent shortly if account exists"
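The trade-off discussed in this thread, as an added example that is not CARE's code: a reset handler that answers "Invalid user" next to one that returns the same response for every username, with a check of whether a caller can tell accounts apart from the responses alone. The user store, outbox, and function names are hypothetical and the account data is constructed.

```python
import hashlib
import secrets

# Constructed sample data: the only registered account in this toy store.
USERS = {"nurse_asha": "asha@example.org"}
OUTBOX = []          # stands in for the outgoing mail queue
RESET_TOKENS = {}    # sha256(token) -> username

GENERIC = {
    "status": 200,
    "detail": "Password reset email will be sent shortly if account exists",
}


def _issue_token(username):
    """Create a one-time token and queue the mail for a real account."""
    token = secrets.token_urlsafe(32)
    # Store only a hash so a leaked token table cannot be replayed.
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = username
    OUTBOX.append((USERS[username], token))


def reset_leaky(username):
    """Behaviour the issue asks for: the response reveals account existence."""
    if username not in USERS:
        return {"status": 404, "detail": "Invalid user"}
    _issue_token(username)
    return {"status": 200, "detail": "Password reset email sent"}


def reset_uniform(username):
    """Behaviour the reply defends: identical status and body for any input."""
    if username in USERS:
        _issue_token(username)
    return dict(GENERIC)


def distinguishable(handler, names):
    """True if the responses alone let a caller tell the usernames apart."""
    return len({tuple(sorted(handler(n).items())) for n in names}) > 1
```

The uniform handler still queues mail only for the real account. In a deployment the mail send should run outside the request path so response time does not differ between the two cases, and the endpoint should be rate limited.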