[BUG] password reset: mail server error discloses user email #887
Labels
backend
Issues that require a backend change
bug
Something isn't working
good first issue
Good for newcomers
rust
Pull requests that update Rust code
Describe the bug
An error while sending the password reset email discloses the email address associated with a user name.
To Reproduce
Setup the mail server to reject the email and start the password reset sequence.
Expected behavior
Sensitive user data should not be exposed.
Additional context
v0.5.0 docker image (lldap/lldap:stable)
The text was updated successfully, but these errors were encountered: