Mild security flaw on this forum, please fix asap!

Hey there,
just wanted to reset my password and I saw this message (red part added by me):

This is bad practice, because you are giving away information for free, who is registered in this forum, without authenticating in any way.
The best practice is to just write “if you have an account here, you will get an email now”. There is no reason to give away this information in the first place, because the user will see within a few seconds if he has an account, when he looks into his emails.

Even companies that are not related to security are following this practice, so I think Bitwarden should implement this security feature asap.

I would love to get a response here from someone who is working on the forum or can forward this.

Thanks and keep the good work up, Bitwarden is awesome :slight_smile:

1 Like
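The uniform-response practice the post asks for, as an added Python example that is not Bitwarden's or the forum software's code; the user store, mailer and token helper are in-memory stand-ins, and the leaky handler is kept next to the hardened one only to show the difference a caller can observe:

```python
"""Password-reset request handling: the account-enumeration leak described
in the post, beside a version that answers every request the same way.
Constructed example; USERS and SENT_MAIL are in-memory stand-ins."""
import secrets

# Constructed sample data: the only registered account in this toy store.
USERS = {"alice@example.com": {"id": 1}}

# Hypothetical mailer: records what would have been sent, so a test can
# confirm that only a registered address ever receives a reset token.
SENT_MAIL = []


def make_reset_token():
    """Unguessable single-use token (storage and expiry omitted here)."""
    return secrets.token_urlsafe(32)


def reset_request_leaky(email):
    """Vulnerable form: status code and text differ depending on whether
    the address is registered, so anyone can probe for accounts."""
    if email not in USERS:
        return 404, "No account was found for that email address."
    SENT_MAIL.append((email, make_reset_token()))
    return 200, "A reset link has been sent to your email address."


UNIFORM_MSG = "If an account exists for that address, a reset email is on its way."


def reset_request_uniform(email):
    """Hardened form: identical status and text for every input. Mail is
    still only sent to a registered address, but the caller cannot tell."""
    user = USERS.get(email)
    # Generate the token on both paths so the response time does not
    # differ by the cost of that step either. In a real deployment the
    # lookup and the mail send should run in a background job for the
    # same reason, so the HTTP response never waits on either.
    token = make_reset_token()
    if user is not None:
        SENT_MAIL.append((email, token))
    return 200, UNIFORM_MSG
```

The test below checks the observable contract: the hardened handler returns byte-for-byte the same reply for a registered and an unregistered address, while the leaky one does not.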

Hi @mhombach - welcome!

I’ll take a look and see what the options are.

Fixed - now it won’t let you know if an account was found or not :+1:

6 Likes

This… has been the fastest response and solved issue in my whole career and life.
I’m amazed, seriously.
Thank you very much

2 Likes

Quickly done. Great job