AWS cognito documentation change
Summary
Added documentation about InvalidParameterException response for password-reset requests without valid recovery method
Security assessment
Clarifies error handling for password recovery security feature but doesn't indicate a specific vulnerability being addressed
Diff
diff --git a/cognito/latest/developerguide/managing-users-passwords.md b/cognito/latest/developerguide/managing-users-passwords.md index b0baf75e6..ca5466972 100644 --- a//cognito/latest/developerguide/managing-users-passwords.md +++ b//cognito/latest/developerguide/managing-users-passwords.md @@ -34,0 +35,2 @@ Your password recovery settings must provide an alternative option when users ar +Amazon Cognito replies to password-reset requests from users who don't have a valid recovery method with an `InvalidParameterException` error response. +