
Password reset exposes account exists



When using Auth0 accounts, we have a customer who noticed that resetting a password confirms that an account exists. Entering a non-existent account produces a response saying:

“We’re sorry. Something went wrong when requesting the password change”

… and when entering in a valid account:

“We’ve just sent you an email to reset your password”

Is there a way to configure the Auth0 password reset UI to respond with an ambiguous message that neither confirms nor denies that the account exists?


Have you looked into the following:


Thanks!!! We will try that.
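
The behaviour reported in this thread next to a uniform-response alternative, as an added example that is not part of the original posts and is not Auth0's code. The in-memory user store, the handler names, the HTTP status codes and the generic message text are assumptions made for illustration; the two quoted messages are the ones from the question.

```javascript
// Constructed sample data: one known account, and an array standing in
// for the email service.
const USERS = new Map([["alice@example.com", { id: 1 }]]);
const outbox = [];

const SENT = "We've just sent you an email to reset your password";
const FAILED =
  "We're sorry. Something went wrong when requesting the password change";
// Assumed wording for an answer that neither confirms nor denies the account.
const GENERIC =
  "If an account exists for that address, we have sent an email to reset the password";

const normalize = (email) => String(email).trim().toLowerCase();

// Behaviour described in the question: the response depends on whether
// the account exists, so the form doubles as an account lookup.
function resetLeaky(email) {
  const user = USERS.get(normalize(email));
  if (!user) return { status: 400, message: FAILED }; // status is assumed
  outbox.push({ to: normalize(email), userId: user.id });
  return { status: 200, message: SENT };
}

// Uniform variant: same status and same body on both paths. Only the side
// effect (the email) differs, and the requester cannot observe it.
// In a real service the send should be queued off the request path so that
// response time does not differ between the two cases either.
function resetUniform(email) {
  const user = USERS.get(normalize(email));
  if (user) outbox.push({ to: normalize(email), userId: user.id });
  return { status: 200, message: GENERIC };
}

// Regression check for a test suite: does the handler answer a known and an
// unknown address differently in any field of the response?
function isDistinguishable(handler, knownEmail, unknownEmail) {
  const a = JSON.stringify(handler(knownEmail));
  const b = JSON.stringify(handler(unknownEmail));
  return a !== b;
}

console.log("leaky:", isDistinguishable(resetLeaky, "alice@example.com", "nobody@example.com"));
console.log("uniform:", isDistinguishable(resetUniform, "alice@example.com", "nobody@example.com"));
```

The same comparison can be kept as a permanent test against the real reset endpoint, so that a later template or error-handling change does not reintroduce the difference.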