Issue
- It is possible to determine whether an email address is valid (i.e., user enumeration) by comparing response times. This can be done by checking the browser's network tab and comparing the response time of a request sent with valid parameters against one sent with invalid parameters.
Environment
- DXP 7.4
Resolution
- The issue was addressed by LPS-153080, and the fix was included in DXP 7.4 U28, so upgrading to that update or to the latest one should resolve it.
- If needed, a hotfix can be requested from Liferay Support to address this in versions prior to U28.
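
For teams reviewing their own login code for the timing difference described under Issue, the following added example (not Liferay code, and not a description of the LPS-153080 change) contrasts a login check that leaks account existence through its running time with one that does the same work either way. It assumes the gap comes from skipping the password hash for unknown emails, which the article does not state; all names and the user store are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor, kept low so the demo runs quickly
kdf_calls = 0        # counts expensive hash runs, a stand-in for response time


def _hash(password: str, salt: bytes) -> bytes:
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed user store: email -> (salt, password hash)
USERS = {"alice@example.com": _record("correct horse")}
# Dummy record so an unknown email costs the same as a known one
DUMMY = _record(os.urandom(16).hex())


def login_leaky(email: str, password: str) -> bool:
    """Returns early for unknown emails, so they answer measurably faster."""
    record = USERS.get(email)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(_hash(password, salt), stored)


def login_uniform(email: str, password: str) -> bool:
    """Always runs one hash and one constant-time compare."""
    record = USERS.get(email)
    salt, stored = record if record is not None else DUMMY
    matches = hmac.compare_digest(_hash(password, salt), stored)
    return matches and record is not None


def work_for(login, email: str) -> int:
    """Number of hash runs a failed login costs for the given email."""
    before = kdf_calls
    login(email, "wrong password")
    return kdf_calls - before
```

Counting hash runs instead of measuring wall-clock time keeps the check deterministic, so it can run as a regression test in CI.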