Information disclosure through search engines (password reset token)
Medium
## Vulnerability Details
Search on Google for:
site:"hq.breadcrumb.com"
Or access this link:
https://www.google.com/search?q=site%3A%22hq.breadcrumb.com%22&oq=site%3A%22hq.breadcrumb.com%22&aqs=chrome..69i57j69i58.6216j0j7&sourceid=chrome&ie=UTF-8
The indexed results include password reset URLs that still carry their reset token. Note that the same pages can be found through other search engines, not only Google.
## Impact
An attacker can take an unused password reset token from a URL indexed by google.com and use it to set a new password and gain access to another user's account.
To reduce the exposure, do not allow search engines to index the token/password reset controller (for example by disallowing its path in robots.txt and sending a noindex directive on the page itself), and make sure reset tokens are single-use and short-lived so that an indexed token is not useful for long.
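The following is an added example from the editor, not code from the report or from Breadcrumb. It shows the two halves of the recommendation above: keeping the reset controller out of search indexes (a robots.txt rule plus response headers, checked with Python's standard `urllib.robotparser`), and a reset-token store that is single-use and short-lived so a token that does get indexed stops working as soon as it is consumed or expires. The hostname hq.breadcrumb.com comes from the report; the path /password/reset and every function and class name are assumptions for illustration.

```python
"""Keeping a password-reset page out of search indexes, and limiting the
value of a reset token that is indexed anyway.

Editor's added example; the reset path /password/reset and all names here are
assumptions, not Breadcrumb's real implementation.
"""
import hashlib
import secrets
import time
from urllib.robotparser import RobotFileParser

# Assumed robots.txt for hq.breadcrumb.com: keep well-behaved crawlers away
# from the reset controller entirely.
ROBOTS_TXT = """User-agent: *
Disallow: /password/reset
"""


def reset_page_headers():
    """Response headers the reset page itself should send.

    robots.txt only stops crawlers that read it; X-Robots-Tag also tells a
    crawler that reached the URL some other way (a shared link, a referrer)
    not to index it. no-store keeps the tokenised URL out of shared caches
    and no-referrer keeps it out of third-party Referer logs.
    """
    return {
        "X-Robots-Tag": "noindex, nofollow, noarchive",
        "Cache-Control": "no-store",
        "Referrer-Policy": "no-referrer",
    }


def crawler_may_fetch(url, robots_txt=ROBOTS_TXT, agent="Googlebot"):
    """True if a crawler honouring robots_txt is allowed to fetch url."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, url)


class ResetTokenStore:
    """Single-use, short-lived reset tokens, stored only as hashes.

    If a tokenised reset URL leaks into a search index, it is only useful
    until the legitimate user consumes it or the TTL passes; and a dump of
    the store does not reveal any live token.
    """

    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable for testing expiry
        self._tokens = {}  # sha256(token) -> (user_id, expires_at)

    def issue(self, user_id):
        """Create a fresh random token for user_id and return it (once)."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (user_id, self.clock() + self.ttl)
        return token

    def consume(self, token):
        """Return the user id for a valid token and invalidate it; else None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._tokens.pop(digest, None)  # pop: usable exactly once
        if entry is None:
            return None
        user_id, expires_at = entry
        if self.clock() > expires_at:
            return None
        return user_id


if __name__ == "__main__":
    url = "https://hq.breadcrumb.com/password/reset?token=example"
    print("crawler may fetch with rule:   ", crawler_may_fetch(url))
    print("crawler may fetch without rule:", crawler_may_fetch(url, robots_txt=""))
    store = ResetTokenStore(ttl_seconds=60)
    t = store.issue("user-1")
    print("first use:", store.consume(t), "second use:", store.consume(t))
```

Two caveats when applying this. A robots.txt rule stops cooperating crawlers from fetching the page in future; it does not remove URLs that are already indexed, so outstanding tokens should be invalidated and the indexed URLs removed through the search engine's removal tools. And `crawler_may_fetch` checks the policy you wrote, not what Google actually does, so it is a regression test for the configuration rather than proof that the page is gone from the index.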
## Report Stats
- Report ID: 322988
- State: Closed
- Substate: informative
- Upvotes: 5