Reset password page leaks information about valid email addresses
Your password reset page is giving away information about account emails. Anybody can try likely emails for a target, until they hit upon an email that does not return an error message.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
0
Comments
-
@acrabb: That's a fair point, but given that a forum account is in no way associated with 1Password user data or license information, I'm not sure what the risk is. Sometimes folks complain that they have to sign up for a separate forum account to post here, which is inconvenient, no doubt, but very intentional for security reasons. And presumably you're not reusing your forum password anywhere else. ;)
0
This discussion has been closed.