Lack of interest Change password reset messages

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
duderuud

duderuud

Well-known member
When requesting a password reset, the message for a valid email address is different from an invalid email address.
This can be exploited by a bad actor to harvest mail addresses.

Maybe change both messages to the same "If this mailaddress is known, an email is being sent to you" (or something)?
(Not only changing phrases solves this problem because the specific page after a sent request is different for valid and invalid addresses.)
 
Upvote 2
This suggestion has been closed. Votes are no longer accepted.

Similar threads

S
  • Question Question
XF 2.0 Password reset request not working (not receiving it)
Replies
7
Views
63
MentaL
MentaL
V
  • Question Question
XF 2.1 Admin Password Reset - Pre-Upgrade
Replies
4
Views
66
Vade
V
CZ Eddie
  • Question Question
XF 2.3 A password reset request has been emailed to you. Please follow the instructions in that email.
Replies
0
Views
22
CZ Eddie
CZ Eddie
S
Require password reset upon login
Replies
2
Views
349
stromb0li
S
V
Addons change password at set times.
Replies
1
Views
283
Onlyme
O
Back
Top Bottom