[Issue] Removed email disclosure #39574

Open
m2-assistant bot opened this issue Jan 28, 2025 · 4 comments · May be fixed by #39570
Labels
feature request Reported on 2.4.x Indicates original Magento version for the Issue report.

Comments

@m2-assistant

m2-assistant bot commented Jan 28, 2025

This issue is automatically created based on existing pull request: #39570: Removed email disclosure


Description (*)

Display an error message indicating an incorrect email if the entered email is not required to confirm the account, regardless of whether the customer exists or not.

customer/account/confirmation

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • All automated tests passed successfully (all builds are green)
@m2-assistant m2-assistant bot linked a pull request Jan 28, 2025 that will close this issue
@engcom-Bravo engcom-Bravo self-assigned this Jan 28, 2025

m2-assistant bot commented Jan 28, 2025

Hi @engcom-Bravo. Thank you for working on this issue.
In order to make sure that the issue has enough information and is ready for development, please read and check the following instructions: 👇

  • 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).
  • 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue.
  • 3. Add Area: XXXXX label to the ticket, indicating the functional areas it may be related to.
  • 4. Verify that the issue is reproducible on 2.4-develop branch
    Details:
    - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
    - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!
  • 5. Add label Issue: Confirmed once verification is complete.
  • 6. Make sure that automatic system confirms that report has been added to the backlog.

@engcom-Bravo engcom-Bravo added the Reported on 2.4.x Indicates original Magento version for the Issue report. label Jan 28, 2025
@engcom-Bravo
Contributor

Hi @Mohamed-Asar,

Thanks for your reporting and collaboration.

Could you please elaborate on the steps to reproduce and, if possible, provide screenshots so that we can proceed further?

Thanks.

@engcom-Bravo engcom-Bravo added the Issue: needs update Additional information is require, waiting for response label Jan 29, 2025
@github-project-automation github-project-automation bot moved this to Ready for Confirmation in Issue Confirmation and Triage Board Jan 29, 2025
@engcom-Bravo engcom-Bravo moved this from Ready for Confirmation to Needs Update in Issue Confirmation and Triage Board Jan 29, 2025
@Mohamed-Asar
Contributor

Hi @engcom-Bravo,

Navigate to the account confirmation page: customer/account/confirmation.

Enter an email address that is associated with an existing and already confirmed account.

The page will redirect to the login page and display a message stating that the account does not require confirmation.


If you enter an email address that does not have an associated account, an error message will appear stating that the email is incorrect.

This behavior allows anyone to determine whether a customer account exists on the site, potentially exposing account status information.
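
The reported behavior and the change proposed in the description, modeled as an added example that is not part of the original thread and is not Magento code. The function names, sample accounts, page labels and message strings are all constructed for illustration; the check at the end groups account states by the response an outside visitor would see.

```php
<?php
declare(strict_types=1);

// Constructed sample data (not from the project): email => account state.
const ACCOUNTS = [
    'pending@example.com'   => 'pending',   // registered, confirmation still required
    'confirmed@example.com' => 'confirmed', // registered, already confirmed
];

// Hypothetical model of the behavior reported above: three distinct outcomes.
function confirmationResponseBefore(string $email): array
{
    $state = ACCOUNTS[strtolower(trim($email))] ?? null;
    if ($state === 'pending') {
        return ['page' => 'confirmation', 'message' => 'Confirmation email sent.'];
    }
    if ($state === 'confirmed') {
        // Redirect to login: reveals that an account exists for this address.
        return ['page' => 'login', 'message' => 'This account does not require confirmation.'];
    }
    return ['page' => 'confirmation', 'message' => 'The email is incorrect.'];
}

// Hypothetical model of the proposal: any address that does not require
// confirmation gets the same error, whether or not a customer exists.
function confirmationResponseAfter(string $email): array
{
    $state = ACCOUNTS[strtolower(trim($email))] ?? null;
    if ($state === 'pending') {
        return ['page' => 'confirmation', 'message' => 'Confirmation email sent.'];
    }
    return ['page' => 'confirmation', 'message' => 'The email is incorrect.'];
}

// Groups account states by the exact response a visitor observes.
// States that share a group cannot be told apart from outside.
function observableClasses(callable $handler): array
{
    $probes = ['pending' => 'pending@example.com', 'confirmed' => 'confirmed@example.com', 'unknown' => 'nobody@example.com'];
    $classes = [];
    foreach ($probes as $state => $email) {
        $classes[json_encode($handler($email))][] = $state;
    }
    return array_values($classes);
}

foreach (['before' => 'confirmationResponseBefore', 'after' => 'confirmationResponseAfter'] as $label => $fn) {
    echo $label, ': ', json_encode(observableClasses($fn)), PHP_EOL;
}
```

In this model the proposal merges the confirmed and unknown cases into one response; an address whose account is still awaiting confirmation keeps its own response, which the description does not address.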

@engcom-Bravo
Contributor

Hi @Mohamed-Asar,

Thanks for your update.

We are considering this as an Enhancement. To proceed further, we are marking this as a Feature Request.

Thanks.

@engcom-Bravo engcom-Bravo added feature request and removed Issue: needs update Additional information is require, waiting for response labels Jan 30, 2025
@engcom-Bravo engcom-Bravo moved this to Pull Request in Progress in Feature Requests Backlog Jan 30, 2025