AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-08-13 · Documentation low

File: cognito/latest/developerguide/managing-users-passwords.md

Summary

Added documentation about InvalidParameterException response for password-reset requests without valid recovery method

Security assessment

Clarifies error handling for password recovery security feature but doesn't indicate a specific vulnerability being addressed

Diff

diff --git a/cognito/latest/developerguide/managing-users-passwords.md b/cognito/latest/developerguide/managing-users-passwords.md
index b0baf75e6..ca5466972 100644
--- a//cognito/latest/developerguide/managing-users-passwords.md
+++ b//cognito/latest/developerguide/managing-users-passwords.md
@@ -34,0 +35,2 @@ Your password recovery settings must provide an alternative option when users ar
+Amazon Cognito replies to password-reset requests from users who don't have a valid recovery method with an `InvalidParameterException` error response.
+