Don't expose email address in Send Reset Instructions #571

Closed
Quy opened this issue May 6, 2016 · 4 comments

Comments

@Quy
Contributor

Quy commented May 6, 2016

This message is displayed with the email address. Email should not be exposed to prevent email harvesting.

Instructions to reset your password have been sent via email to [email protected]

@rhukster
Member

rhukster commented May 7, 2016

I don't think this is a real security issue. You would have to intercept the mail to make use of the information, as you can't use email to log in with.

@rhukster rhukster closed this as completed May 7, 2016
@Quy
Contributor Author

Quy commented May 7, 2016

But the email can be added to a spam list once exposed.

@pieplu
Contributor

pieplu commented Jun 1, 2016

Yes, maybe hiding the email from robot readers would be good, no?

@rhukster
Member

rhukster commented Jun 2, 2016

Fixing anyway!
