User enumeration via forgot password error message
Medium
Vulnerability Details
Hi Team,
Vulnerable URL:
https://infogram.com/forgot
Description:
While testing whether rate limiting works on the forgot-password field, I noticed that the field is vulnerable to user enumeration. When a user enters an email ID that is not in the database, it shows the error "E-mail not recognized".
Mitigation: handle the above situation correctly, e.g.: "Reset link is sent to email: [email protected]". This doesn't tell the attacker that the e-mail is not recognized and makes enumeration more difficult.
Thanks and regards,
Kiddie
Refer Ticket: #77067
#123496
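To make the reported behaviour and its mitigation concrete, here is an added example (not code from the report or from Infogram): a forgot-password handler that leaks account existence through its response, beside one that answers identically for known and unknown addresses. The account set and the `SENT` mailer hook are constructed stand-ins.

```python
import secrets

# Constructed stand-in for the account database (hypothetical addresses).
REGISTERED_EMAILS = {"alice@example.com", "bob@example.com"}

# Hypothetical mailer hook: a real service would enqueue an email here.
SENT: list[tuple[str, str]] = []


def forgot_password_vulnerable(email: str) -> str:
    """Behaviour described in the report: the message differs depending on
    whether the address exists, so responses act as a user-enumeration oracle."""
    if email not in REGISTERED_EMAILS:
        return "E-mail not recognized"
    token = secrets.token_urlsafe(32)
    SENT.append((email, token))
    return f"Reset link sent to {email}"


def forgot_password_hardened(email: str) -> str:
    """Mitigation: return the same message on both paths. The reset email is
    still only sent for registered addresses, but the caller cannot tell the
    two outcomes apart from the response."""
    token = secrets.token_urlsafe(32)  # generated on both paths so timing stays similar
    if email in REGISTERED_EMAILS:
        SENT.append((email, token))
    return f"If an account exists for {email}, a reset link has been sent to it"


def responses_distinguish(handler) -> bool:
    """Defender's check: feed one registered and one unknown address through the
    handler and report whether the responses (email placeholder removed) differ."""
    known, unknown = "alice@example.com", "nobody@example.com"
    normalised = [handler(e).replace(e, "<email>") for e in (known, unknown)]
    return normalised[0] != normalised[1]


if __name__ == "__main__":
    print("vulnerable handler leaks:", responses_distinguish(forgot_password_vulnerable))
    print("hardened handler leaks:  ", responses_distinguish(forgot_password_hardened))
```

Running the check against a real endpoint means comparing the full HTTP response (status code, body, headers, and response time), not only the visible message.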
Report Stats
- Report ID: 282564
- State: Closed
- Substate: duplicate
- Upvotes: 1