Wrong message shown when recovering password for non existing user

Question

Wrong message shown when recovering password for non existing user

tdziurko opened this issue 12 years ago · 1 comments

Application is displaying "E-mail with reset link sent" message even when we submit non existing user login or e-mail.

Answer 1 · 2013-03-28T15:38:26.000Z

This is actually designed and wanted behaviour. This way you don't know whether such user exists or not. Kind of security stuff. I'd only change "E-mail with reset link sent" to "E-mail with reset link sent if user was found".