User Enumeration - Forgot Password #VDP

ganiganeshss79
Dec 16, 2021

User Enumeration:

User enumeration is a kind of vulnerability that lets a malicious user identify whether or not a particular user is registered with an organization.

Vulnerability:

On the forgot password page, enter any email address you want to look up, such as “abc@gmail.com”. If the address is registered, the application sends an email directly. If it is not, the application responds with an error page: “No user exists for this e-mail address: "abc@gmail.com"”. The difference between the two responses is what reveals whether the account exists.
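As an added example (not code from the original post or from the affected application), the sketch below puts the behaviour described above next to a hardened handler that returns the same response for every address, plus a check a team can run as a regression test. The `App` class, the handler names, the status codes and the in-memory user store are assumptions made for illustration.

```python
# Added illustration: names, status codes and the user store are hypothetical.
import secrets
from dataclasses import dataclass, field

GENERIC_MSG = "If that address is registered, a password reset link has been sent."


@dataclass
class App:
    users: set                                   # constructed sample user store
    outbox: list = field(default_factory=list)   # stands in for a mail queue

    def _queue_reset(self, email):
        # Single-use random token; delivery happens out of band via the queue.
        self.outbox.append((email, secrets.token_urlsafe(32)))

    def forgot_password_vulnerable(self, email):
        """Behaviour described above: the response depends on account existence."""
        email = email.strip().lower()
        if email not in self.users:
            return 404, f'No user exists for this e-mail address: "{email}"'
        self._queue_reset(email)
        return 200, "A password reset e-mail has been sent."

    def forgot_password_hardened(self, email):
        """Same status and body for every address; mail is queued only if registered."""
        email = email.strip().lower()
        if email in self.users:
            self._queue_reset(email)
        return 200, GENERIC_MSG


def responses_differ(handler, registered, unregistered):
    """Regression check: True if the response reveals whether an account exists."""
    return handler(registered) != handler(unregistered)


if __name__ == "__main__":
    app = App(users={"abc@gmail.com"})           # constructed sample data
    for name in ("forgot_password_vulnerable", "forgot_password_hardened"):
        leaks = responses_differ(getattr(app, name), "abc@gmail.com", "nobody@example.com")
        print(f"{name}: leaks account existence = {leaks}")
```

Queuing the e-mail rather than sending it inside the request also keeps response time from differing between registered and unregistered addresses.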
