You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Our error messages indicate if an account exists or not when trying to login which can result in a user enumeration attack.
It makes it easy to determine if the account that is being tested exists or not and then take it further.
Steps to reproduce:
Navigate to Login Page
Click on forgot password
Enter an invalid email address
Error Message: " This email address does not exist in our database! "
Now enter a valid Email
The Message is different
Describe the solution you'd like
We follow the same wording as WordPress core does however further discussion needs to be had around this
Additional context
Reported by Bullet / FS - 124740
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Our error messages indicate if an account exists or not when trying to login which can result in a user enumeration attack.
It makes it easy to determine if the account that is being tested exists or not and then take it further.
Steps to reproduce:
Describe the solution you'd like
We follow the same wording as WordPress core does however further discussion needs to be had around this
Additional context
Reported by Bullet / FS - 124740
The text was updated successfully, but these errors were encountered: