Infogram: User Enumeration

ID H1:280509
Type hackerone
Reporter saikiran-10098
Modified 2017-10-27T11:27:45


Vulnerability:- ->User enumeration is possible through forgot password feature.

steps to reproduce:- ->Go to the above selected domain and go to forgot password. ->You can submit a mail address and check whether it is existing in your database or not.

Remediation:- ->It should display like "if that mail address exists in our system, then we will send password reset link."

I hope that you will consider this issue as you also welcome the reports of best practices.

Thank you