Auth email enumeration protection disabled
Email enumeration protection is not enabled. This allows attackers to submit email addresses to authentication endpoints (e.g., password reset) and determine if an email is registered by analyzing error responses, facilitating targeted attacks.