by emedchill 968 days ago
> don't let the end user know that you were able to send an email.

I need to stress this is a very important point. If you happen to state the email they entered already exists in the system, the attacker now knows that is a valid account and can then use a known password linked to that email to gain access.
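
An added example, not part of the comment above: a password-reset request handler written once with the leak described and once with a uniform response. The user store, function names and messages are hypothetical, and the sample addresses are constructed.

```python
# Constructed sample data: the only registered account in this toy user store.
USERS = {"alice@example.com"}

GENERIC = "If that address is registered, a reset link has been sent."


def reset_leaky(email, outbox):
    """Anti-pattern: status and message reveal whether the account exists."""
    addr = email.strip().lower()
    if addr not in USERS:
        return 404, "No account with that email."
    outbox.append(addr)
    return 200, "Reset email sent."


def reset_uniform(email, outbox):
    """Same status and body for every input; mail is queued only for real accounts."""
    addr = email.strip().lower()
    if addr in USERS:
        # Assumption: in a real service this enqueues to a background worker,
        # so response time does not differ between the two branches either.
        outbox.append(addr)
    return 200, GENERIC


def distinguishable(handler, emails):
    """True if the responses alone let an observer tell the inputs apart."""
    return len({handler(e, []) for e in emails}) > 1


if __name__ == "__main__":
    probes = ["alice@example.com", "bob@example.com"]
    print("leaky   distinguishable:", distinguishable(reset_leaky, probes))
    print("uniform distinguishable:", distinguishable(reset_uniform, probes))
```

The same check applies to registration and login forms: any response that differs between known and unknown addresses gives away account existence.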