
Are there any security issues with showing whether a certain e-mail address was found in a database or not when an end user requests a password reset on a certain homepage, or should the homepage just return some kind of generic error, or maybe just ignore the error and claim that a mail was sent?

Thank you

skovanden

2 Answers


Yes.

This exposes whether an account exists for that email address. An attacker would know that it is a valid account.

This is really a usability versus security question.

Do you want your site to deceive users if an account doesn't exist and not give up information about which emails have accounts? Then claim a mail was sent.

Or do you want to leak whether an account exists or not and give a more meaningful message to users? Then tell users they haven't registered with the service yet.

You need to decide what is more important, the usability or security.

ajb32x

I would recommend using a generic message which doesn't disclose the existence or non-existence of addresses.

The main problem would be that an attacker could find out if a specific person is using your website. Depending on the kind of website, that can be a rather important issue (see e.g. Ashley Madison). Even for non-sensitive websites the information may be interesting for attackers though (e.g. to find targets for phishing attacks).

Note though that if you do prevent disclosure when resetting, you should also prevent it when registering. Here, it can actually become a usability issue, so you should weigh advantages and disadvantages carefully.

tim
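The two reset handlers below are an added illustration of what both answers describe, not code from the question or the answers. The leaky handler's reply text differs for registered and unregistered addresses; the generic handler returns the same message either way and does the same token work on every request, so only the (invisible) enqueue step depends on the lookup. The in-memory user table, outbox and token store are constructed stand-ins for a real database and mail worker.

```python
import secrets
from hashlib import sha256

# Constructed stand-ins for the user table, the outbound mail queue and the
# reset-token store (only the token hash is kept server side).
USERS = {"alice@example.com": {"id": 1}}
OUTBOX = []        # (recipient, raw token) pairs a mail worker would deliver
RESET_TOKENS = {}  # sha256(raw token) -> email

GENERIC_MESSAGE = ("If an account exists for that address, "
                   "a password-reset link has been sent.")


def request_reset_leaky(email):
    """Leaky variant: the response itself reveals whether the account exists."""
    if email not in USERS:
        return "No account is registered for this address."
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[sha256(token.encode()).hexdigest()] = email
    OUTBOX.append((email, token))
    return "A password-reset link has been sent."


def request_reset_generic(email):
    """Generic variant: identical reply for known and unknown addresses.

    The token is generated and hashed unconditionally so the work done does
    not depend on the lookup result; only storing and enqueueing differ.
    """
    token = secrets.token_urlsafe(32)
    digest = sha256(token.encode()).hexdigest()
    if email in USERS:
        RESET_TOKENS[digest] = email
        OUTBOX.append((email, token))
    return GENERIC_MESSAGE


def redeem_token(token):
    """Consume a presented token (single use); returns the email or None."""
    return RESET_TOKENS.pop(sha256(token.encode()).hexdigest(), None)


def response_distinguishes(handler, known, unknown):
    """True when the handler's reply lets a caller tell a registered address
    from an unregistered one, i.e. the enumeration the answers warn about."""
    return handler(known) != handler(unknown)
```

The same reasoning applies to the registration form mentioned in the second answer: a reply such as "this address is already registered" is the same disclosure through a different door.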