This Help forum is for issues relates to the latest release (1.4.6). For issues related to beta or git version please use their own Help forum.
Before asking for help please read "How to request help" by clicking on that tab above here.

TOPIC: Request for password

Request for password 6 years 1 month ago #1

  • Jacoline
  • Jacoline's Avatar
  • Offline
  • Senior
  • Posts: 288
I occ. delete my logfiles and before I do it I allways look after any isues. And I like this feature cause I really do catch some because of those :)

And I noticed a user (not not of mine - nobody can request user access as default by me) asked for a new password. (the log files told that she did that more than 6 times) And I tested this myself.

I used a google gmail I have and this gmail is not in my userlist. And I got this nice receipt that a new password was send to the email.

I have no idea what the code does. But should it not say: the email is not registred instead since it is not registred in my user table?
Who is still noobish after 5 years with webtrees (since 7-21-2010)

My family roots can be found on jaconelli.dk/webtrees (and several other pages)
(latest) webtrees: www.familien-johnsen.dk

Kontakt mig for support på dansk!
The administrator has disabled public write access.

Request for password 6 years 1 month ago #2

  • fisharebest
  • fisharebest's Avatar
  • Offline
  • Administrator
  • Posts: 11224
You get the same message whether the account exists or not.

This is to prevent an attacker from being able to guess usernames/emails and find out which ones are genuine.

It is similar to the error message "This individual does not exist or you do not have permission to see it". We don't say whether the individual actually exists or not.
Greg Roach - This email address is being protected from spambots. You need JavaScript enabled to view it. - fisharebest.webtrees.net
The administrator has disabled public write access.

Request for password 6 years 1 month ago #3

  • Jacoline
  • Jacoline's Avatar
  • Offline
  • Senior
  • Posts: 288
Oh I see

Good point :)

In my case I actually do not think it was an attacker - just a dane - that did not read my message file (the email was a danish name and email host)

But could it not contain this too: If your email is registred an email with new password will be xxxxxx ect. (will prolly not see it anyway and btw I can not get it translated to danish)
Who is still noobish after 5 years with webtrees (since 7-21-2010)

My family roots can be found on jaconelli.dk/webtrees (and several other pages)
(latest) webtrees: www.familien-johnsen.dk

Kontakt mig for support på dansk!
Last Edit: 6 years 1 month ago by Jacoline.
The administrator has disabled public write access.
Powered by Kunena Forum