1. Vulnerability Overview:

2. Description:

A vulnerability has been identified in laravel-starter v11.8.0 that allows an attacker to enumerate valid email addresses through the server's responses to email verification commands in the forgot password functionality. The issue arises because the server returns distinguishable responses for valid and invalid email addresses, which lets an attacker determine whether a specific email address exists on the system.

3. Steps to reproduce:

  1. Visit the product URL and navigate to the forgot password functionality: https://laravel.nasirkhn.com/forgot-password
  2. Enter an invalid email and observe the response.
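
The distinguishable-response pattern from the Description beside a uniform one, as an added example that is not laravel-starter's own code. The controller class, its method names and the response wording are hypothetical, and the example assumes the reset flow goes through Laravel's `Password` facade.

```php
<?php
// Added example: hypothetical controller, not laravel-starter's own code.
namespace App\Http\Controllers\Auth;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\Password;

class ForgotPasswordExampleController extends Controller
{
    // Weak pattern: the broker status decides the response, so an unknown
    // address (Password::INVALID_USER) gets an error a registered one never sees.
    public function storeDistinguishable(Request $request): RedirectResponse
    {
        $request->validate(['email' => ['required', 'email']]);

        $status = Password::sendResetLink($request->only('email'));

        return $status === Password::RESET_LINK_SENT
            ? back()->with('status', __($status))
            : back()->withInput($request->only('email'))
                    ->withErrors(['email' => __($status)]);
    }

    // Uniform pattern: same redirect and same message for every address.
    public function storeUniform(Request $request): RedirectResponse
    {
        // Format check only. An "exists:users,email" rule here would
        // reintroduce the same leak through the validation error.
        $request->validate(['email' => ['required', 'email']]);

        $status = Password::sendResetLink($request->only('email'));

        // Throttling and other broker statuses stay server-side; throttling
        // is only reported for registered addresses, so it must not be shown.
        if ($status !== Password::RESET_LINK_SENT && $status !== Password::INVALID_USER) {
            logger()->info('Password reset link not sent', ['status' => $status]);
        }

        return back()->with(
            'status',
            'If that address is registered, a password reset link has been sent.'
        );
    }
}
```

Response time can still differ when the reset mail is sent synchronously for registered addresses; queueing the notification narrows that gap, and rate limiting the route bounds how many addresses can be checked.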
