Re: [keycloak-user] Forgot password does not verify the account
I'm not really in the know about this stuff, but I'd guess that's by
design. If the recovery process gave an error message for unregistered
email addresses, then that would provide a way for an attacker to find out
whether or not a given email address is registered in the service.
On Thu, May 11, 2017 at 6:47 AM, <tecnologia(a)growingup.com.co> wrote:
The password remembering option is not validating that the email is
registered.
The expected result is that you do not use an unregistered email, you get
an
error message
Always confirms, even when the account does not exist.
--
Jairo Henao Rojas
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user