Joris MASSON (jmasson)2025-10-01 09:42 Thanks, I'll mark this as closed then. Have a nice day ! Status changed from Under review to ClosedConnected artifacts Added Fixed in: rel #44427Close date set to 2025-10-01
Joris MASSON (jmasson)2025-09-30 17:28 gerrit #35697 has been integrated. @atisne is it sufficient ? Is something missing in the log messages ? If it's sufficient, could you please mark gerrit #35694 as "Abandoned" so we know it's closed ?
Aurélien Tisné (atisne)2025-09-26 11:55 Yes I know. Safety is done at the expense of the user experience. Thank you the black hats. Thank you to validate the change and help admins ;-)
Thomas Gerbet (tgerbet)2025-09-26 11:34 When you ask to reset a password using a wrong username or if the account has no password, Tuleap does nothing and displays the same page as it succeed. To be fair this is done this way because there is no real other options for these situations. Tuleap cannot leak information about this to unauthenticated users without making pentesters unhappy and requesting CVE IDs :) (request #43674). Please consider gerrit #35694 Thanks for this, I have pushed gerrit #35697 so we can distinguish the different cases. Status changed from New to Under implementation