Dear all,
We are receiving emails, like the one below, without the users asking for. Please note we have Drupal 7.24 out-of-the-box installed without any other module to implement password policies or password expiration.
Is there any process running in the background or this is a security issue and we are being attacked? Any advice?
Thank you.
Regards
Miguel
---------- Forwarded message ----------
From:
Date: 2014-02-17 9:30 GMT+01:00
Subject: Replacement login information for sysadmin at myApplication
To: user_mail@gmail.com
User mail,
A request to reset the password for your account has been made at myApplication.
You may now log in by clicking this link or copying and pasting it to your browser:
LINK TO RESET THE PASSWORD
This link can only be used once to log in and will lead you to a page where you can set your password. It expires after one day and nothing will happen if it's not used.
-- PUB5 Beta (Composition of WMO) team
Comments
Today I'm receiving these
Today I'm receiving these emails from all my Drupal sites ... Without asking to reset ?
Discussion about this
https://www.drupal.org/project/drupal/issues/2939720
Just saw the link to the
Just saw the link to the discussion. Going there next