change user not found message returned to prevent enumeration attack

CakeDC · Jan 8, 2025 · aefe695 · aefe695
1 parent c1fa7ea
commit aefe695
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Controller/Traits/PasswordManagementTrait.php b/src/Controller/Traits/PasswordManagementTrait.php
@@ -120,7 +120,7 @@ public function changePassword($id = null)
                     }
                 }
             } catch (UserNotFoundException $exception) {
-                $this->Flash->error(__d('cake_d_c/users', 'User was not found'));
+                $this->Flash->error(__d('cake_d_c/users', 'User was not found 1'));
             } catch (WrongPasswordException $wpe) {
                 $this->Flash->error($wpe->getMessage());
             } catch (Exception $exception) {
@@ -175,7 +175,7 @@ public function requestResetPassword()
 
             return $this->redirect(['action' => 'login']);
         } catch (UserNotFoundException $exception) {
-            $this->Flash->error(__d('cake_d_c/users', 'User {0} was not found', $reference));
+            $this->Flash->error(__d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.'));
         } catch (UserNotActiveException $exception) {
             $this->Flash->error(__d('cake_d_c/users', 'The user is not active'));
         } catch (Exception $exception) {