api-management-developer-portal
api-management-developer-portal copied to clipboard
Azure
Request password reset returns internal server error when email address is not valid
Every bug report should have precise description and reproduction steps; console traces or source code references are appreciated.
For assistance requests, contact Azure support or submit a post on Stack Overflow. We don't provide support through GitHub Issues. Feature requests can be raised on the Azure Feedback Forum.
Bug description
If a password reset is requested for an email address not registered on with API management, get "Server error. Unable to send request. Please try again later"
Reproduction steps
- Go to forgot password
- enter a email address that is not valid for any user
- enter the characters
- click request reset
- Server error is returned
Expected behavior
Same as if it was a valid email address. The site shouldn't error - could be used to compromise system if can identify valid vs non valid email addresses registered.
Is your portal managed or self-hosted?
Managed
Release tag or commit SHA (if using self-hosted version)
NA
API Management service name
emi
Environment
Chrome / Windows 10
Additional context
Hi Rachel, thanks for reporting the issue. We would need your APIM service name to investigate it. Please send it to [email protected].
@rachel-langford thank you, we will enhance this behavior in the next managed version release
By adding this issue to the Backlog project, we have prioritized it for development. You can monitor its status in the project's board.
![msftbot[bot] avatar](https://avatars.githubusercontent.com/in/26612?v=4 "Published by a pub.dev verified publisher"){kind=small}
@antonsalimAU, we will soon start working on a fix and it will likely be deployed in the first quarter of 2022.
