Writing · Tag

Articles tagged "user-enumeration".

1 article on this topic.

·7 min read · security , supabase , auth-jwt

User enumeration via password reset: the bug in default forgot-password flows

Most forgot-password endpoints leak whether an email exists. The fix is one rule: return the same response always, regardless of account status.

User enumeration via password reset: the bug in default forgot-password flows: cover image
← All articles