Perhaps a bug, perhaps a feature. You’d have to check with the BZ devs. I’ve seen some site security recommendations to NOT show a different message.
Personally, I doubt it really discourages hackers or makes their task harder and it just frustrates a user who isn’t sure what address he/she signed up with. Regards, Adrien > On May 15, 2018, at 3:55 PM, Frank H. Ellenberger > <[email protected]> wrote: > > At first, IMHO there is a bg in bugzilla: > "A token for changing your password has been emailed to > [email protected]. Follow the instructions in that email to > change your password." > But there is no email. If the user is not in the database the message > should be different. > Or an email should be sent "Sorry, I don't know you..." > > Creating a new account with a different address works. Email gets sent. > > Am 15.05.2018 um 20:35 schrieb Derek Atkins: > : > _______________________________________________ > gnucash-devel mailing list > [email protected] > https://lists.gnucash.org/mailman/listinfo/gnucash-devel > _______________________________________________ gnucash-devel mailing list [email protected] https://lists.gnucash.org/mailman/listinfo/gnucash-devel
