Message4703
Bernhard, in msg4367 you seem to think that someone needs to get hold of
the sent mail to retrieve the address.
Clarification:
The email address is displayed as "Email sent to user@example.com" in
the web interface, even when just the username was entered in the
password reset form.
I consider this an information leak as it does not even use the
permission system, therefore upgrading to type security and severity
normal. I would even think that a higher severity level might be
appropriate. |
|
| Date |
User |
Action |
Args |
| 2012-12-18 14:42:44 | ThomasAH | set | messageid: <1355841764.29.0.28598662276.issue2550716@psf.upfronthosting.co.za> |
| 2012-12-18 14:42:44 | ThomasAH | set | recipients:
+ ThomasAH, ber, ezio.melotti, luke |
| 2012-12-18 14:42:44 | ThomasAH | link | issue2550716 messages |
| 2012-12-18 14:42:42 | ThomasAH | create | |
|