diff --git a/var/www/Flask_server.py b/var/www/Flask_server.py
index a47264ee..71827852 100755
--- a/var/www/Flask_server.py
+++ b/var/www/Flask_server.py
@@ -193,18 +193,26 @@ def login():
 def change_password():
 password1 = request.form.get('password1')
 password2 = request.form.get('password2')
+ error = request.args.get('error')
- # # TODO: display errors message
+ if error:
+ return render_template("change_password.html", error=error)
- if current_user.is_authenticated and password1!=None and password1==password2:
- if check_password_strength(password1):
- user_id = current_user.get_id()
- create_user_db(user_id , password1, update=True)
- return redirect(url_for('dashboard.index'))
+ if current_user.is_authenticated and password1!=None:
+ if password1==password2:
+ if check_password_strength(password1):
+ user_id = current_user.get_id()
+ create_user_db(user_id , password1, update=True)
+ return redirect(url_for('dashboard.index'))
+ else:
+ error = 'Incorrect password'
+ return render_template("change_password.html", error=error)
 else:
- return render_template("change_password.html")
+ error = "Passwords don't match"
+ return render_template("change_password.html", error=error)
 else:
- return render_template("change_password.html")
+ error = 'Please choose a new password'
+ return render_template("change_password.html", error=error)
 @app.route('/logout')
 @login_required
@@ -229,7 +237,7 @@ def searchbox():
 @app.errorhandler(404)
 @login_required
 def page_not_found(e):
- # note that we set the 404 status explicitly
+ # avoid endpoint enumeration
 return render_template('error/404.html'), 404
 # ========== INITIAL taxonomies ============
diff --git a/var/www/modules/Flask_config.py b/var/www/modules/Flask_config.py
index 899a26b5..29ae9eae 100644
--- a/var/www/modules/Flask_config.py
+++ b/var/www/modules/Flask_config.py
@@ -7,6 +7,7 @@ import configparser
 import redis
 import os
+import re
 import sys
 # FLASK #
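Review bot: `error = request.args.get('error')` takes the message to display straight from the query string and hands it to the template via `error=error`, so whatever text a link carries in `?error=` is shown inside the change-password page as if it were the application's own message; the same pattern is added to `create_user()` in the Flask_settings.py hunk (`error` and `error_mail`). Jinja autoescaping on a `.html` template should neutralise markup, but the wording itself remains chosen by whoever built the link, and nothing in this diff redirects to either page with `?error=`, so the parameter looks unused by the application. If it is needed, map a short code to a fixed server-side message, e.g. `error = PASSWORD_ERRORS.get(request.args.get('error'))` with the dict holding the three messages introduced in this hunk, and render that instead of the raw value. The `if error:` early return also runs before the POST handling, so a POST that happens to carry `?error=` renders the page without attempting the change; the route decorator for change_password() sits above the hunk.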
@@ -175,6 +176,9 @@ max_dashboard_logs = int(cfg.get("Flask", "max_dashboard_logs"))
 crawler_enabled = cfg.getboolean("Crawler", "activate_crawler")
+email_regex = r'[^@]+@[^@]+\.[^@]+'
+email_regex = re.compile(email_regex)
+
 # VT
 try:
 from virusTotalKEYS import vt_key
diff --git a/var/www/modules/settings/Flask_settings.py b/var/www/modules/settings/Flask_settings.py
index 09d5597d..2914213d 100644
--- a/var/www/modules/settings/Flask_settings.py
+++ b/var/www/modules/settings/Flask_settings.py
@@ -27,6 +27,7 @@ max_preview_char = Flask_config.max_preview_char
 max_preview_modal = Flask_config.max_preview_modal
 REPO_ORIGIN = Flask_config.REPO_ORIGIN
 dict_update_description = Flask_config.dict_update_description
+email_regex = Flask_config.email_regex
 settings = Blueprint('settings', __name__, template_folder='templates')
@@ -36,6 +37,13 @@ settings = Blueprint('settings', __name__, template_folder='templates')
 def one():
 return 1
+def check_email(email):
+ result = email_regex.match(email)
+ if result:
+ return True
+ else:
+ return False
+
 def generate_new_token(user_id):
 # create user token
 current_token = r_serv_db.hget('user_metadata:{}'.format(user_id), 'token')
@@ -142,13 +150,15 @@ def new_token_user():
 @login_admin
 def create_user():
 user_id = request.args.get('user_id')
+ error = request.args.get('error')
+ error_mail = request.args.get('error_mail')
 role = None
 if r_serv_db.exists('user_metadata:{}'.format(user_id)):
 role = r_serv_db.hget('user_metadata:{}'.format(user_id), 'role')
 else:
 user_id = None
 all_roles = get_all_roles()
- return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role)
+ return render_template("create_user.html", all_roles=all_roles, user_id=user_id, user_role=role, error=error, error_mail=error_mail)
 @settings.route("/settings/create_user_post", methods=['POST'])
 @login_required
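Review bot: `email_regex = r'[^@]+@[^@]+\.[^@]+'` has no end anchor and the new `check_email()` in Flask_settings.py tests it with `email_regex.match(email)`, so only a prefix of the value has to look like an address and a string with a second `@` after a valid-looking prefix (constructed example: `a@b.c@d`) is accepted. Using `fullmatch` closes that gap and collapses the helper to one line: `return email_regex.fullmatch(email) is not None`. The raw pattern and the compiled object also share the name `email_regex`; compiling inline, `email_regex = re.compile(r'[^@]+@[^@]+\.[^@]+')`, avoids the confusing rebinding, and a one-line comment stating that this is a deliberately loose shape check (not RFC validation) would help the next reader.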
@@ -161,7 +171,7 @@ def create_user_post():
 all_roles = get_all_roles()
- if email and len(email)< 300 and role:
+ if email and len(email)< 300 and check_email(email) and role:
 if role in all_roles:
 # password set
 if password1 and password2:
@@ -169,9 +179,9 @@ def create_user_post():
 if check_password_strength(password1):
 password = password1
 else:
- return render_template("create_user.html", all_roles=all_roles)
+ return render_template("create_user.html", all_roles=all_roles, error="Incorrect Password")
 else:
- return render_template("create_user.html", all_roles=all_roles)
+ return render_template("create_user.html", all_roles=all_roles, error="Passwords don't match")
 # generate password
 else:
 password = secrets.token_urlsafe()
@@ -193,7 +203,7 @@ def create_user_post():
 else:
 return render_template("create_user.html", all_roles=all_roles)
 else:
- return render_template("create_user.html", all_roles=all_roles)
+ return render_template("create_user.html", all_roles=all_roles, error_mail=True)
 @settings.route("/settings/users_list", methods=['GET'])
 @login_required
diff --git a/var/www/modules/settings/templates/create_user.html b/var/www/modules/settings/templates/create_user.html
index 6da31be3..139a2a90 100644
--- a/var/www/modules/settings/templates/create_user.html
+++ b/var/www/modules/settings/templates/create_user.html
@@ -33,7 +33,12 @@
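Review bot: `error="Incorrect Password"` is emitted when `check_password_strength(password1)` fails, which is a policy rejection rather than a wrong password, so the message misleads the admin; something like `error="Password does not meet the strength requirements"` names the actual condition. It is also capitalised differently from the `'Incorrect password'` string added to change_password() in Flask_server.py, and the two call sites should share one wording. create_user_post() starts before this hunk and continues after it.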
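Review bot: `error_mail=True` in the final `else` fires whenever `email and len(email)< 300 and check_email(email) and role` is false, so a request with a valid e-mail but no `role` is reported to the admin as an invalid e-mail address, while the context line just above it (`role in all_roles` false) still renders with no error at all. Testing the e-mail on its own before the role, e.g. `if not (email and len(email) < 300 and check_email(email)): return render_template("create_user.html", all_roles=all_roles, error_mail=True)`, and giving the missing-role and unknown-role branches their own `error` string lets each rejection explain itself. The condition being tested is in the -161 hunk above, and create_user_post() extends beyond both hunks.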

Create User

- + + {% if error_mail %} +
+ Please provide a valid email address +
+ {% endif %} + - + + {% if error %} +
+ {{error}} +
+ {% endif %} @@ -104,6 +114,10 @@ $(document).ready(function(){ $("#password-section-info").hide(); $("#nav_create_user").addClass("active"); $("#nav_user_management").removeClass("text-muted"); + + {% if error %} + toggle_password_fields(); + {% endif %} } ); function toggle_password_fields() { diff --git a/var/www/templates/change_password.html b/var/www/templates/change_password.html index e5f13a84..7722d86e 100644 --- a/var/www/templates/change_password.html +++ b/var/www/templates/change_password.html @@ -65,10 +65,15 @@

Change Password

- + - - + + {% if error %} +
+ {{error}} +
+ {% endif %} +

diff --git a/var/www/templates/error/404.html b/var/www/templates/error/404.html index 9b25da48..6943c674 100644 --- a/var/www/templates/error/404.html +++ b/var/www/templates/error/404.html @@ -2,7 +2,7 @@ - 403 - AIL + 404 - AIL