id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26161	django.contrib.auth password reset email reveals the user id	Ran Benita	nobody	"This was already asked in an (unanswered) django-users question, and the description there still holds, so I'll not repeat it:
https://groups.google.com/forum/#!searchin/django-users/user$20id$20password$20reset/django-users/6c8_Vfr8K1w/-TXJoVBM3poJ

I think most sites would prefer not to reveal how many users are registered or the growth rate of that value, and this is the only place that I know of where the user ID is exposed.

I suspect there is no way to fix the existing view/form in a backward-compatible way, because of custom templates and 3rd party packages which use this, like ""djoser"", but thought I'd raise the issue anyway."	Bug	closed	contrib.auth	1.9	Normal	invalid			Unreviewed	0	0	0	0	0	0
