User Enumeration
Low
Infogram
Reported by
saikiran-10098
Vulnerability Details
Technical details and impact analysis
Vulnerability:
-> User enumeration is possible through the forgot password feature.
Steps to reproduce:
-> Go to the above selected domain and go to forgot password.
-> You can submit a mail address and check whether it exists in your database or not.
Remediation:
-> It should display something like "If that mail address exists in our system, then we will send a password reset link."
I hope that you will consider this issue, as you also welcome reports on best practices.
Thank you
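The remediation proposed in the report, sketched as an added example that is not part of the original report or Infogram's code: a forgot-password handler that answers differently for known and unknown addresses, next to one that returns the same generic message for both. The user store, status codes, vulnerable-side messages and function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample data: hypothetical account, not taken from the report.
USERS = {"alice@example.com": {"id": 1}}
OUTBOX = []        # stands in for an outbound mail queue
RESET_TOKENS = {}  # sha256(token) -> user id, so raw tokens are never stored

# One response for every request, worded after the report's remediation.
GENERIC = (200, "If that mail address exists in our system, "
                "we will send a password reset link.")


def normalize(email):
    return email.strip().lower()


def issue_reset(email, user):
    """Create a single-use token and queue the reset mail."""
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = user["id"]
    OUTBOX.append((normalize(email), token))


def forgot_password_vulnerable(email):
    """Reported behaviour: status and body reveal whether the account exists."""
    user = USERS.get(normalize(email))
    if user is None:
        return (404, "No account found for that mail address.")  # assumed wording
    issue_reset(email, user)
    return (200, "Password reset link sent.")  # assumed wording


def forgot_password_hardened(email):
    """Same status and body for every address; mail goes only to real accounts."""
    user = USERS.get(normalize(email))
    if user is not None:
        issue_reset(email, user)
    return GENERIC


def responses_differ(handler, known, unknown):
    """Regression check: True when the handler leaks account existence."""
    return handler(known) != handler(unknown)
```

A check like `responses_differ` can run in the test suite so that a later change to the reset flow does not reintroduce a distinguishable response.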
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Information Disclosure