User Enumeration
Problem
Valid user accounts can be identified because the application's error messages reveal whether an email address is registered.
Threat
An attacker can compile a list of existing accounts, which can be used for password-guessing attacks or social engineering.
Possible mitigation
Always display neutral (error) messages, regardless of whether an account exists. Furthermore, make sure that there is no side channel, such as application response times or status codes, that could leak user information.
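The mitigation above, shown as an added example that is not part of the original finding: a login check that leaks account existence next to a hardened one that returns the same status code and message and performs the same hashing work on both paths. The login flow, user store, messages and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

STATS = {"hash_calls": 0}  # counts password hashes, a stand-in for response time

def hash_password(password: str, salt: bytes) -> bytes:
    STATS["hash_calls"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample store; a real application would query its database.
USERS = {"alice@example.com": make_user("correct horse battery")}
# Throwaway credential checked when no account exists, so both paths hash once.
DUMMY = make_user(os.urandom(16).hex())
NEUTRAL = (401, "Invalid email address or password.")

def login_vulnerable(email: str, password: str) -> tuple:
    """Leaks account existence via message, status code and skipped hashing."""
    user = USERS.get(email)
    if user is None:
        return (404, "No account is registered for this email address.")
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        return (401, "Wrong password.")
    return (200, "Welcome.")

def login_hardened(email: str, password: str) -> tuple:
    """Same status, message and hashing work whether or not the account exists."""
    user = USERS.get(email)
    record = user if user is not None else DUMMY
    ok = hmac.compare_digest(hash_password(password, record["salt"]), record["hash"])
    if user is None or not ok:
        return NEUTRAL
    return (200, "Welcome.")

if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        for email in ("alice@example.com", "nobody@example.com"):
            STATS["hash_calls"] = 0
            print(fn.__name__, email, fn(email, "guess"), STATS)
```

The same neutral-response rule applies to any other endpoint that accepts an email address, such as registration or password reset.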