[cf-dev] Reset password : if the unregistered email address entered then also giving success message. #uaa #cf


shilpa kulkarni
Hi,
 
If I pass an email id (which is not registered) for the reset password link, then it should give an error message, but it is giving a success message only. I am not getting where to change that code.
Can anyone please provide a solution for this?
 
Thanks & Regards
Shilpa

Reminder that all communication on this mailing list is subject to the Cloud Foundry Foundation's code of conduct, which can be found here: https://www.cloudfoundry.org/code-of-conduct/

Re: [cf-dev] Reset password : if the unregistered email address entered then also giving success message. #uaa #cf

Jonathan Matthews
Hey Shilpa,

I wouldn’t be surprised to find this is intentional. 

If this didn’t happen, then it would be possible for an attacker to try submitting many addresses, and then receive confirmation of which of them were related to accounts on the service/system.

I also wouldn’t be surprised to find that the service had an option to disable this behaviour in trusted environments, but I’ve no insight into that - I’m just mentioning that it’s /possible/ :-)

HTH,
J

On Sun, 14 Jun 2020 at 16:59, shilpa kulkarni <[hidden email]> wrote:
Hi,
 
If I pass an email id (which is not registered) for the reset password link, then it should give an error message, but it is giving a success message only. I am not getting where to change that code.
Can anyone please provide a solution for this?
 
Thanks & Regards
Shilpa

--
Jonathan Matthews
London, UK
https://jpluscplusm.com
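
The trade-off described in the reply above, as an added example that is not part of the original thread and is not UAA's code: a reset handler that answers differently for unknown addresses next to one that gives the same answer for every address. All names (`USERS`, `leaky_reset`, `uniform_reset`, `leaks_account_existence`) and the sample account are hypothetical and constructed for illustration.

```python
import hashlib
import secrets

# Constructed sample data: one registered account, keyed by normalised e-mail.
USERS = {"alice@example.com": {"id": 1}}
OUTBOX = []        # stands in for an asynchronous mail queue
RESET_TOKENS = {}  # sha256(token) -> user id; the raw token is never stored

GENERIC_REPLY = (200, "If that address is registered, a reset link has been sent.")


def leaky_reset(email):
    """Behaviour asked for in the question: the reply reveals whether the account exists."""
    if email.strip().lower() not in USERS:
        return (404, "No account with that e-mail address.")
    return (200, "Reset link sent.")


def uniform_reset(email):
    """Same status and body for every address; only the mailbox owner learns more."""
    address = email.strip().lower()
    user = USERS.get(address)
    # Generate and hash a token on both paths so the work done in the request
    # does not depend on whether the account exists.
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    if user is not None:
        RESET_TOKENS[digest] = user["id"]
        # Queue the mail rather than sending inline, so delivery latency
        # is not visible in the HTTP response time.
        OUTBOX.append((address, token))
    return GENERIC_REPLY


def leaks_account_existence(handler, known, unknown):
    """Regression check: True if the handler's replies differ by account state."""
    return handler(known) != handler(unknown)
```

A check like `leaks_account_existence` belongs in the test suite of any login, registration or reset endpoint, since the same comparison applies to each of them.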