Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 10.11.9
-
Component/s: None
-
Labels:
-
Tests:Integration
-
Difficulty:Unknown
-
Documentation:N/A
-
Documentation in Release Notes:N/A
-
Similar issues:
Description
Steps to reproduce:
- Click on "Forgot your username?" on the login screen
- Open http://<server>/xwiki/bin/view/XWiki/ForgotUsername and add both a valid email associated to an user and an invalid email
Result: the platform confirms if the user exists or not.
Expected result: a generic message concerning the user without confirming if it exists or not (e.g. "If the account is registered on the application, you will receive a dedicated message").
Attachments
Issue Links
- is related to
-
XWIKI-18787 The "Forgot your password?" form offers too much information concerning user accounts
-
- Closed
-
- relates to
-
XWIKI-18408 ForgotUsername is not protected against CSRF
-
- Closed
-
-
XWIKI-18787 The "Forgot your password?" form offers too much information concerning user accounts
-
- Closed
-
- links to