2625180 - Forgot user functionality is not throwing validation error with bad e-mail address

SAP Knowledge Base Article - Public

Symptom

When the forgot user function is used with a bad e-mail address that is formatted correctly (it has an @ followed by a ."something"), the screen goes to the ID assistance screen instead of throwing a validation error. A validation error is thrown if the user enters a badly formed e-mail address, such as one missing the @, but not when a fake e-mail address is entered.

Environment

SAP Learning Management System

Cause

This is working as intended. Validation errors should only be thrown if the e-mail structure is incorrect, not if there is bad data in the e-mail.

Resolution

This helps prevent people with malicious intent from using brute force to find out whether an e-mail address is a valid one for the company they are trying to access.
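The behaviour described above, as an added sketch that is not SAP's code: the handler rejects only structurally malformed addresses and returns the same ID assistance response whether or not the address is on file. The names `forgot_user`, `DIRECTORY` and `outbox`, the sample accounts, and the assumption that the user ID is delivered by e-mail are all hypothetical.

```python
import re

# Structural check only: one "@", a non-empty local part, and a dot in the domain.
EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s.]+$")

# Constructed sample data (not from any real system).
DIRECTORY = {"alice@example.com": "alice01", "bob@example.com": "bsmith"}

VALIDATION_ERROR = {"screen": "forgot_user", "error": "Enter a valid e-mail address."}
ID_ASSISTANCE = {"screen": "id_assistance", "error": None}


def forgot_user(email, directory, outbox):
    """Handle one forgot-user request; return the response shown to the caller."""
    address = email.strip().lower()
    if not EMAIL_SHAPE.match(address):
        # Malformed input reveals nothing about accounts, so an error is safe.
        return dict(VALIDATION_ERROR)
    user_id = directory.get(address)
    if user_id is not None:
        # Assumption: the user ID goes only to the mailbox owner, never into the response.
        outbox.append((address, f"Your user ID is {user_id}"))
    # Same screen whether or not the address is on file.
    return dict(ID_ASSISTANCE)


if __name__ == "__main__":
    outbox = []
    for candidate in ["alice@example.com", "nobody@example.com", "alice.example.com"]:
        print(candidate, "->", forgot_user(candidate, DIRECTORY, outbox))
    print("mail queued:", outbox)
```

A regression test for this design compares the full response for a known and an unknown address, so that a later change which leaks the difference fails the build.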

Keywords

KBA, LOD-SF-LMS-ADM, Admin Tools, Problem

Product

SAP SuccessFactors HCM Core 1711