You are right, this behavior is to protect Cognito customers from username enumeration risks. The behavior is highlighted in the managing error messages page and applied when prevent user existence error is enabled.
When you enable custom error responses, Amazon Cognito authentication APIs return a generic authentication failure response. The error response tells you the user name or password is incorrect. Amazon Cognito account confirmation and password recovery APIs return a response indicating a code was sent to a simulated delivery medium.
Cognito Hosted UI customization not updatingasked 7 months ago
Cognito Forgot password email not received.asked 2 years ago
can we change the colour of "Forgot your password?" in the cognito UI login page ?asked 4 months ago
Cognito Hosted UI to Custom UIAccepted Answerasked 2 years ago
Cognito Hosted UI user email verification (using valid verification code) failed (according to UI) but user is confirmed.asked 7 months ago
Amazon Cognito hosted UI password reset code messageAccepted Answerasked 8 months ago
Is there any way to display a "Confirm Password" field in the Cognito hosted UI?asked 7 months ago
Disable hosted UIasked 4 years ago
How to translate Cognito Hosted UI Forms?asked 5 months ago
Cognito Hosted UI TOTP or Amplifyasked 7 months ago