Steps to reproduce:
- Click on "Forgot your password?" on the login screen
- Open http://localhost:8080/xwiki/bin/view/XWiki/ResetPassword or http://localhost:8080/xwiki/authenticate/reset and add an invalid password
Result: the platform confirms if the user exists or not (on 12.10.8 and 13.4).
Expected result: a generic message concerning the password without confirming if the user exists or not (e.g. "If the account is registered on the application, you will receive a dedicated message").