Hi
This issue is about the users component disclosing if an Email Address is registered to a user or not.
Thanks
Use the com_users password reset process
Enter a registered Email
You now know this Email is registered as it redirects you, and can check for leaked passwords etc in hopes of gaining access.
Enter an invalid Email
You now know this Email is not valid due to the notice message
Most modern applications use a system which gives a vague message such as, if the Email exists, then to check their inbox.
Email Address is disclosed if it exists.
Joomla 3.9.24
There is no ideal way to modify this without making core changes from what I have seen
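The behaviour asked for in the report above (one vague message whether or not the address exists), shown next to the leaky flow as an added example. It is plain PHP, not Joomla core code and not the change in PR #30787; the function names, route names, message strings and the `$registered` array are constructed for illustration.

```php
<?php
// Added example: not Joomla code. $registered is a constructed stand-in for the users table.
$registered = ['alice@example.org' => 42];

/** Leaky flow as described in the report: the outcome differs per address. */
function resetRequestLeaky(array $users, string $email, callable $sendMail): array
{
    $key = strtolower(trim($email));
    if (!isset($users[$key])) {
        // Stays on the form with a notice: tells the caller the address is unknown.
        return ['redirect' => 'reset', 'message' => 'Invalid email address'];
    }
    $sendMail($key, bin2hex(random_bytes(16)));
    // Redirects to the next step: tells the caller the address is registered.
    return ['redirect' => 'reset/confirm', 'message' => 'Check your inbox'];
}

/** Uniform flow: same redirect and same message whether or not the address exists. */
function resetRequestUniform(array $users, string $email, callable $sendMail): array
{
    $key = strtolower(trim($email));
    // Generate the token in both cases so the work done is similar.
    $token = bin2hex(random_bytes(16));
    if (isset($users[$key])) {
        $sendMail($key, $token);
    }
    return [
        'redirect' => 'reset/confirm',
        'message'  => 'If this email address is registered, a reset link has been sent to it.',
    ];
}

// Constructed check: collect mails in an array instead of sending them.
$outbox = [];
$send = function (string $to, string $token) use (&$outbox): void {
    $outbox[] = $to;
};

foreach (['alice@example.org', 'nobody@example.org'] as $email) {
    $leaky   = resetRequestLeaky($registered, $email, $send);
    $uniform = resetRequestUniform($registered, $email, $send);
    // The leaky redirect changes with the address; the uniform one does not.
    printf("%-20s leaky=%-14s uniform=%s\n", $email, $leaky['redirect'], $uniform['redirect']);
}
```

Sending the mail inline can still make the registered case measurably slower; handing the mail to a queue removes that timing difference.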
Hi @richard67
Yes it looks like it would.
Any news on this being merged?
The pull request (PR) #30787 needs 2 good tests before it will get status "RTC" (ready to commit), and then later be merged.
For testing, apply the changes in the PR and test as described there in the testing instructions part of the PR's description.
After the test, please mark your test result by going to the PR in our issue tracker here https://issues.joomla.org/tracker/joomla-cms/30787, use the "Test this" button at the top left corner, select the appropriate test result (hopefully success) and then submit.
Would be great if you could test it.
Another thing we do is that we close an issue as soon as we have a PR which claims to solve it (and later, if necessary, re-open it if it turns out that was wrong), and so I close this issue here. But thanks for reporting, maybe it puts more focus on that PR, and hopefully you can test it.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2021-04-15 10:57:05 |
Closed_By | ⇒ | richard67 |
@CharlieH96 Would pull request #30787 solve your issue?