Recent Topics

1 Dec 04, 2019 14:21    

Hello,

I have a security issue with one of my blogs. Non-members test different email addresses to identify members who are registered.

When it enters an unknown address, it specifies it, otherwise it proposes to send a new password.

Would it be possible to make sure that if the email address does not exist the administrator is notified in addition to making it appear that the email is valid.

Please do not make this subject public

2 Dec 04, 2019 17:50

a) wonder what version you are using and
b) how to you do the test

On an old site 6.10.5 if I ask for a password for a non-existant address I get a notifiction as in the image. So there is no indication to the testy user if the email is real of not ?? So in this simple test I can't see any security risk ?

3 Dec 04, 2019 18:15

You're right, we just updated and it's at (us) that there's a problem.

Problem solved

4 Dec 04, 2019 20:53

Could have been usefull if you specified the version. :)


Form is loading...