Password reset request - Return consistent message for both existent and non-existent accounts. #2352
netcatgirl
started this conversation in
Ideas / Feature Requests
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Currently, when requesting a new password, it lets the user know if the account exists or not.
and
maybe the message could be changed to something like
I read about it on the owasp.org auth cheat sheet and thought it might apply here.
Beta Was this translation helpful? Give feedback.
All reactions