Hi,

if you go to the login page of Odoo 13 click on reset password. and enter a mail address which is not valid you get an error message invalid email. If you enter a correct email address you get a different message.

This can be easily exploited by bruteforcing a list of emails to get an email registered at the Odoo app.

Is there a way to fix it?

kind regards