Does Password Reset validates the Email Address?
SAP SuccessFactors Recruiting Management
Reproducing the Issue
- Access the Career site;
- Go to Profile;
- Click in Forget Password;
- Type in the Email;
- And click in Submit.
The system is validating the Email address, but that only happens after the submission, and there is no feedback to the candidate if that email is correct or not, and that is on purpose.
The validation that the system makes is after the submit happens, and then if there is a matching email address the candidate will receive the email with the information on how to reset the password, that is made to be a layer of security for the candidates. If a not well intended user access your external career site and goes to the Forget Password feature and tries out the email address, this user would be able to find out emails that have profiles on your career site, as the system would return a confirmation that the email has a profile created.
Instead, our system returns a message to the candidate saying that if there is a profile that matches the information entered, that address will receive an email with further instructions.
The message that shows afterwards can be changed as well, check the following article for information about it: 2598459
email, address, reset, password, validate, email, candidate, password, help, feature , KBA , LOD-SF-RCM-CAN , General Candidate Issues (not Offers, not Profiles) , How To