Impact
A user enumeration attack is possible when SMTP is not setup correctly, but reset password is enabled
Explanation of the vulnerability
Two different error messages was shown, based on if the user exists or not when using the forgot password functionality, when the SMTP was configured but do not response.
emmagarland Reporter
Impact
A user enumeration attack is possible when SMTP is not setup correctly, but reset password is enabled
Explanation of the vulnerability
Two different error messages was shown, based on if the user exists or not when using the forgot password functionality, when the SMTP was configured but do not response.