quantazelle / daytum

Automatically exported from code.google.com/p/daytum

Forgotten password tool reveals user's email address #94

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. select a username at random
2. visit http://daytum.com/passwords/forgot_password
3. enter the username and hit send
4. the screen returns "Email sent to XXXX" <--- where this is someone's email address

What is the expected output? What do you see instead?
I wouldn't expect to be able to get a user's personal email address by
entering their username. Feels like a privacy concern.

hope that helps!

Original issue reported on code.google.com by webpo...@gmail.com on 18 Feb 2009 at 2:24

GoogleCodeExporter commented 9 years ago

Original comment by felt...@gmail.com on 18 Feb 2009 at 2:42
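
The behaviour reported above next to a hardened form, as an added example (not code from the daytum project; the user store, function names and response wording are assumptions). It goes slightly beyond the report by also returning the same response for unknown usernames, so the form confirms neither the address nor the existence of the account.

```python
# Constructed user store; usernames and addresses are made up for this example.
USERS = {"alice": "alice@example.com", "bob": "bob@example.org"}

GENERIC_NOTICE = ("If that username exists, a reset link has been sent "
                  "to the address on file.")


def forgot_password_leaky(username, outbox):
    """Behaviour reported in the issue: the confirmation echoes the address."""
    email = USERS.get(username)
    if email is None:
        return "No such user"
    outbox.append(email)  # stand-in for queuing the reset mail
    return f"Email sent to {email}"


def forgot_password_hardened(username, outbox):
    """Same mail is queued, but the response never depends on the account."""
    email = USERS.get(username)
    if email is not None:
        outbox.append(email)  # reset link goes only to the registered owner
    return GENERIC_NOTICE


def leaks_address(handler, usernames):
    """Regression check: does any response body contain a stored address?"""
    for name in usernames:
        body = handler(name, [])
        if any(addr in body for addr in USERS.values()):
            return True
    return False


def responses_uniform(handler, usernames):
    """True when known and unknown usernames get identical responses."""
    return len({handler(name, []) for name in usernames}) == 1
```

The two check functions are suitable as regression tests against the reset endpoint's response body once the fix is in place.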