Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#53373 closed enhancement (duplicate)

Reset password process reveals if an email address exists in the database

Reported by: henrywright's profile henry.wright Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:

Description

If an email address doesn't exist, this message is given when a password reset is requested:

Error: There is no account with that username or email address.

This, although debatable, isn't good practice.

Change History (2)

#1 @jorbin
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

This is by design. There is a balance to be made between security and user-friendliness.

The decision to leave this alone has been made many many times as shown in the following tickets (if not others).
Related, duplicate: #3708, #4290, #5301, #12129, #22421, #31787, #45318

#2 @henry.wright
4 years ago

Thanks for pointing that out. I respectfully disagree but I do understand the push for user-friendliness

Note: See TracTickets for help on using tickets.