The requestor could be an attacker who is targeting a specific email or collecting a list of users of the website. If they receive a message explicitly disclosing whether an account exists or not, the information can be used by the attacker.
I seem to have messed up something with the initial installation. Created a new branch from "master" and re-implemented the fix there: #25
Thank you so much.
The requestor could be an attacker who is targeting a specific email or collecting a list of users of the website. If they receive a message explicitly disclosing whether an account exists or not, the information can be used by the attacker.
21