Is this intended functionality?
The customer is currently not made aware of their, e.g. possible mistake in the address - they are just left hanging.
Is this intended functionality?
The customer is currently not made aware of their, e.g. possible mistake in the address - they are just left hanging.
Last edited by kalastaja; 25 Apr 2017 at 04:20 PM.
The idea is to make the hacker think they are going to be getting a new password.
Of course, with open source, you can always search for the wording and change it to "If the address you used is registered with us, a new password is on it's way."
Personally, I'd just leave it alone.
Are You Vulnerable for an Accessibility Lawsuit?
myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
Free SSL, Domain, and MagicThumb with semi-annual and longer hosting.
my opinion is that it is very frustrating for the customer, and that hackers are far more sophisticated than some people give them credit.
i see far more brute force attempts at logging into a server, than someone trying to hack a user account.
this topic was addressed here:
https://github.com/zencart/zencart/issues/1295
and for v160, there will be a switch which allows the store owner to say whether the email address is registered or not.
best.
Bookmarks