-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: None
-
Component/s: Security - Other
-
Severity 3 - Minor
-
2
If you use the reset password function you can find out three groups of users:
- user is local or in a read/write user directory
- user is in a read only user directory
- user does not exists
This information should not be visible outside. Such information is helpful in a logfile, but the user should only the see a message like "If you are a registered user you should receive a password reset message.".
