Skip to content

Commit

Permalink
change user not found message returned to prevent enumeration attack
Browse files Browse the repository at this point in the history
Andres Campanario committed Jan 8, 2025
1 parent c1fa7ea commit aefe695
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/Controller/Traits/PasswordManagementTrait.php
Original file line number Diff line number Diff line change
@@ -120,7 +120,7 @@ public function changePassword($id = null)
}
}
} catch (UserNotFoundException $exception) {
$this->Flash->error(__d('cake_d_c/users', 'User was not found'));
$this->Flash->error(__d('cake_d_c/users', 'User was not found 1'));
} catch (WrongPasswordException $wpe) {
$this->Flash->error($wpe->getMessage());
} catch (Exception $exception) {
@@ -175,7 +175,7 @@ public function requestResetPassword()

return $this->redirect(['action' => 'login']);
} catch (UserNotFoundException $exception) {
$this->Flash->error(__d('cake_d_c/users', 'User {0} was not found', $reference));
$this->Flash->error(__d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.'));
} catch (UserNotActiveException $exception) {
$this->Flash->error(__d('cake_d_c/users', 'The user is not active'));
} catch (Exception $exception) {

0 comments on commit aefe695

Please sign in to comment.