What steps will reproduce the problem?
1. select a username at random
2. visit http://daytum.com/passwords/forgot_password
3. enter the username and hit send
4. the screen returns Email sent to XXXX <--- where this is someone's email
address
What is the expected output? What do you see instead?
i wouldn't expect to be able to get a user's personal email address by
entering their username. feels like a privacy concern
hope that helps!
Original issue reported on code.google.com by webpo...@gmail.com on 18 Feb 2009 at 2:24
Original issue reported on code.google.com by
webpo...@gmail.com
on 18 Feb 2009 at 2:24