UNSOLVED Registering with an existing email
We have a feedback from security expert.
When we signup with an email on registration page, page behaves differently when the email already exists. This gives information to attacker to filter out which emails exist.
Is it possible to configure the UI to behave similarly irrespective of whether email already exists or not. But, no verification email goes out if the email already exists.
mark.robustelli last edited by
@harish_reddy I just want to make sure I understand where you are coming from. If you user signs up with an email address, you want the same response even if they are already signed up? Can you please share some images of how you would like the flow to work? I think this could cause problems and confusion the way I am thinking about it.