Hello,
I have a security issue with one of my blogs. Non-members test different email addresses to identify members who are registered.
When it enters an unknown address, it specifies it, otherwise it proposes to send a new password.
Would it be possible to make sure that if the email address does not exist the administrator is notified in addition to making it appear that the email is valid.
Please do not make this subject public
General Support
b2evolution CMS Support Forums
a) wonder what version you are using and
b) how to you do the test
On an old site 6.10.5 if I ask for a password for a non-existant address I get a notifiction as in the image. So there is no indication to the testy user if the email is real of not ?? So in this simple test I can't see any security risk ?