Issue
- It is possible to determine whether an email address is valid (i.e., user enumeration) by comparing request response times. This can be observed in the browser's network tab by comparing the response time when valid parameters are passed with the response time when they are not.
Environment
- DXP 7.4
Resolution
- The issue was addressed by LPS-153080, and the fix was included in DXP 7.4 U28, so upgrading to that version or the latest one should resolve it.
- If needed, a hotfix can be requested from Liferay Support to address this on versions prior to U28.
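
One way to confirm on your own instance that the timing difference is gone after the update, as an added example (not Liferay's code): record response times for requests with a known-valid and a known-invalid email address, then check whether the two groups can still be told apart. The function names, the 0.2 threshold and the sample timings are assumptions constructed for illustration.

```python
from statistics import median

def auc(valid_ms, invalid_ms):
    """Probability that a random 'valid email' timing exceeds a random
    'invalid email' timing (ties count half). 0.5 means the two groups
    are indistinguishable; values near 0 or 1 mean they separate cleanly."""
    wins = 0.0
    for v in valid_ms:
        for i in invalid_ms:
            if v > i:
                wins += 1.0
            elif v == i:
                wins += 0.5
    return wins / (len(valid_ms) * len(invalid_ms))

def timing_report(valid_ms, invalid_ms, threshold=0.2):
    """Summarise whether response time still reveals account validity.
    threshold is an assumed tolerance around AUC = 0.5."""
    if len(valid_ms) < 5 or len(invalid_ms) < 5:
        raise ValueError("need at least 5 samples per group")
    a = auc(valid_ms, invalid_ms)
    return {
        "median_gap_ms": median(valid_ms) - median(invalid_ms),
        "auc": a,
        "enumerable": abs(a - 0.5) > threshold,
    }

# Constructed samples in milliseconds, not measurements from a real system.
BEFORE_VALID = [212, 208, 219, 225, 210, 216, 221, 214]
BEFORE_INVALID = [48, 52, 47, 55, 50, 49, 53, 51]
AFTER_VALID = [211, 207, 220, 215, 209, 218, 213, 216]
AFTER_INVALID = [210, 214, 208, 219, 212, 217, 206, 215]

if __name__ == "__main__":
    print("before:", timing_report(BEFORE_VALID, BEFORE_INVALID))
    print("after: ", timing_report(AFTER_VALID, AFTER_INVALID))
```

Using the rank-based AUC rather than a plain average keeps a single slow outlier (a cache miss, a GC pause) from masking or faking a gap.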