change user not found message returned to prevent enumeration attack

CakeDC · Jan 8, 2025 · 706ce20 · 706ce20
1 parent aefe695
commit 706ce20
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Controller/Traits/PasswordManagementTrait.php b/src/Controller/Traits/PasswordManagementTrait.php
@@ -120,7 +120,7 @@ public function changePassword($id = null)
                     }
                 }
             } catch (UserNotFoundException $exception) {
-                $this->Flash->error(__d('cake_d_c/users', 'User was not found 1'));
+                $this->Flash->error(__d('cake_d_c/users', 'User was not found'));
             } catch (WrongPasswordException $wpe) {
                 $this->Flash->error($wpe->getMessage());
             } catch (Exception $exception) {