id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
19758	Password reset form should not leak information	anonymous	Horst Gutmann	"The provided password reset form leaks information about enrolled users by providing information as to whether an email is enrolled. This is obviously untenable for any site with even moderate confidentiality requirements.

Correct behavior is to display the same result regardless of whether an email is found in the database."	Bug	closed	contrib.auth	dev	Normal	fixed	sprint2013		Accepted	1	0	0	0	1	0