This project is not covered by Drupal’s security advisory policy.

Some forms in Drupal core pose security concerns. For example, the password reset form displays an error message when a username or email address does not exist in the system, which means that valid usernames can be enumerated through the reset password form.

Currently, this module secures the password reset form by overriding core's validation handlers. It performs the same steps, but instead of setting an error it simply redirects and displays a message as if the submission had succeeded.
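A sketch of this approach for Drupal 7, added here as an example; it is not this module's own code. The module name `mymodule` is hypothetical, and instead of redirecting from the validation handler this version also replaces the submit handler so that known and unknown names follow the same path.

```php
<?php
// Added example for a hypothetical Drupal 7 module "mymodule" (assumption).

/**
 * Implements hook_form_FORM_ID_alter() for the core user_pass form.
 */
function mymodule_form_user_pass_alter(&$form, &$form_state, $form_id) {
  // Drop core's handlers: user_pass_validate() calls form_set_error() when
  // the name is unknown, which is the response difference to remove.
  $form['#validate'] = array('mymodule_user_pass_validate');
  $form['#submit'] = array('mymodule_user_pass_submit');
}

/**
 * Validation handler: same lookup as core, but never sets a form error.
 */
function mymodule_user_pass_validate($form, &$form_state) {
  $name = trim($form_state['values']['name']);
  // Core's lookup order: active account by e-mail first, then by user name.
  $users = user_load_multiple(array(), array('mail' => $name, 'status' => '1'));
  $account = reset($users);
  if (!$account) {
    $users = user_load_multiple(array(), array('name' => $name, 'status' => '1'));
    $account = reset($users);
  }
  // Store the account, or NULL when nothing matched; no error either way.
  form_set_value(array('#parents' => array('account')), $account ? $account : NULL, $form_state);
}

/**
 * Submit handler: mails only real accounts, answers identically for all.
 */
function mymodule_user_pass_submit($form, &$form_state) {
  global $language;
  $account = $form_state['values']['account'];
  if (!empty($account->uid)) {
    _user_mail_notify('password_reset', $account, $language);
    watchdog('user', 'Password reset instructions mailed to %name.', array('%name' => $account->name));
  }
  else {
    // Record the miss for administrators only; the visitor never sees it.
    watchdog('user', 'Password reset requested for unknown name %name.', array('%name' => $form_state['values']['name']), WATCHDOG_NOTICE);
  }
  // Same message and redirect as core's success path, whatever the lookup found.
  drupal_set_message(t('Further instructions have been sent to your e-mail address.'));
  $form_state['redirect'] = 'user';
}
```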

Further enhancements will be added if similar issues are found with other forms.
