Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password recovery: Parameter to prevent email address exposure on recovery form #1728

Closed
yurikuzn opened this issue May 31, 2020 · 1 comment
Closed

Password recovery: Parameter to prevent email address exposure on recovery form #1728

yurikuzn opened this issue May 31, 2020 · 1 comment
Assignees
@yurikuzn
Labels
improvement security
Milestone
Version 5.9.2

Comments

@yurikuzn
Copy link
Contributor

yurikuzn commented May 31, 2020
edited

Administration > Authentication > Prevent email address exposure on password recovery form.

No matter whether a valid or not valid data is entered, there will be the same message and the same time delay. This makes impossible to determine whether a specific email address is registered in the system.
@yurikuzn yurikuzn added this to the Version 5.9.2 milestone May 31, 2020
@yurikuzn yurikuzn self-assigned this May 31, 2020
@yurikuzn
Copy link
Contributor Author

12550c3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yurikuzn yurikuzn

Labels
improvement security
Projects
None yet
Milestone
Version 5.9.2
Development

No branches or pull requests
1 participant
@yurikuzn