#53373 closed enhancement (duplicate)
Reset password process reveals if an email address exists in the database
Reported by: | henry.wright | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
If an email address doesn't exist, this message is given when a password reset is requested:
Error: There is no account with that username or email address.
This, although debatable, isn't good practice.
Change History (2)
Note: See
TracTickets for help on using
tickets.
This is by design. There is a balance to be made between security and user-friendliness.
The decision to leave this alone has been made many many times as shown in the following tickets (if not others).
Related, duplicate: #3708, #4290, #5301, #12129, #22421, #31787, #45318