From aefe695d1c8162b09a300c0bf8e284195f705d2d Mon Sep 17 00:00:00 2001
From: Andres Campanario
Date: Wed, 8 Jan 2025 10:03:17 +0100
Subject: [PATCH 1/2] change user not found message returned to prevent enumeration attack
---
 src/Controller/Traits/PasswordManagementTrait.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Controller/Traits/PasswordManagementTrait.php b/src/Controller/Traits/PasswordManagementTrait.php
index e0a7d53cc..f5d9baebb 100644
--- a/src/Controller/Traits/PasswordManagementTrait.php
+++ b/src/Controller/Traits/PasswordManagementTrait.php
@@ -120,7 +120,7 @@ public function changePassword($id = null)
 }
 }
 } catch (UserNotFoundException $exception) {
- $this->Flash->error(__d('cake_d_c/users', 'User was not found'));
+ $this->Flash->error(__d('cake_d_c/users', 'User was not found 1'));
 } catch (WrongPasswordException $wpe) {
 $this->Flash->error($wpe->getMessage());
 } catch (Exception $exception) {
@@ -175,7 +175,7 @@ public function requestResetPassword()
 return $this->redirect(['action' => 'login']);
 } catch (UserNotFoundException $exception) {
- $this->Flash->error(__d('cake_d_c/users', 'User {0} was not found', $reference));
+ $this->Flash->error(__d('cake_d_c/users', 'If the account is valid, the system will send an instructional email to the address on record.'));
 } catch (UserNotActiveException $exception) {
 $this->Flash->error(__d('cake_d_c/users', 'The user is not active'));
 } catch (Exception $exception) {

From 706ce20bc07a160cca92fbda371db497b4f56171 Mon Sep 17 00:00:00 2001
From: Andres Campanario
Date: Wed, 8 Jan 2025 10:06:16 +0100
Subject: [PATCH 2/2] change user not found message returned to prevent enumeration attack
---
 src/Controller/Traits/PasswordManagementTrait.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controller/Traits/PasswordManagementTrait.php b/src/Controller/Traits/PasswordManagementTrait.php
index f5d9baebb..6cbe45c3c 100644
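Review bot: The neutral wording added in requestResetPassword's `UserNotFoundException` branch still leaves account existence observable, because the `UserNotActiveException` branch two lines below keeps answering `'The user is not active'`, a response only a registered address can trigger, and the new line still goes through `$this->Flash->error(...)`, so the flash is rendered with the error type while the success path (whose flash call is outside the hunk) presumably uses a different one. The visible success path also ends in `return $this->redirect(['action' => 'login']);` whereas neither catch branch in the hunk redirects, so the response shape likely differs as well; I would have both the not-found and not-active branches emit the same message through the same flash method and then `return $this->redirect(['action' => 'login']);`, keeping the distinction in server-side logging only, since the caught `$exception` is currently discarded. requestResetPassword begins before the hunk and continues after it.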
--- a/src/Controller/Traits/PasswordManagementTrait.php
+++ b/src/Controller/Traits/PasswordManagementTrait.php
@@ -120,7 +120,7 @@ public function changePassword($id = null)
 }
 }
 } catch (UserNotFoundException $exception) {
- $this->Flash->error(__d('cake_d_c/users', 'User was not found 1'));
+ $this->Flash->error(__d('cake_d_c/users', 'User was not found'));
 } catch (WrongPasswordException $wpe) {
 $this->Flash->error($wpe->getMessage());
 } catch (Exception $exception) {