[jira] [Created] (SYNCOPE-1974) Harden password reset errors against user enumeration

Massimiliano Perrone (Jira) Mon, 08 Jun 2026 08:06:35 -0700

Massimiliano Perrone created SYNCOPE-1974:
---------------------------------------------


             Summary:   Harden password reset errors against user enumeration
                 Key: SYNCOPE-1974
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1974
             Project: Syncope
          Issue Type: Improvement
            Reporter: Massimiliano Perrone
            Assignee: Massimiliano Perrone
             Fix For: 4.0.7, 4.1.2, 5.0.0


Password reset responses should be hardened to avoid exposing whether a 
submitted username or email address matches an existing user account.

Add a configurable option to return a generic password reset response when the 
submitted account identifier is unknown or invalid, while preserving backward 
compatibility for existing deployments.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (SYNCOPE-1974) Harden password reset errors against user enumeration

Reply via email to