2 Dec 04, 2019 17:50
a) wonder what version you are using and
b) how to you do the test
On an old site 6.10.5 if I ask for a password for a non-existant address I get a notifiction as in the image. So there is no indication to the testy user if the email is real of not ?? So in this simple test I can't see any security risk ?