UPchieve: User enumeration through forgot password
News category: Security vulnerabilities
Source: vulners.com
Vulnerability:
-> User enumeration is possible through the forgot password feature.

Steps to reproduce:
-> Go to the above selected domain and go to forgot password.
-> Submit a random email and intercept the request with Burp Suite.
-> In the response you will get HTTP/1.1 500 Internal Server Error with {"err":"No account with that id found."}

Remediation:
-> It should display something like "If that mail address exists in our system, then we will send a password reset link."

I hope that you will consider this issue, as you also welcome reports of best practices. Thank you.

Impact: Leaking users' emails / Information... ...