Describe the bug
In order to prevent user enumeration, login errors should be generic (e.g., "login failed") and not specify why an authentication failure occurred (e.g., "wrong password", "username does not exist").
To Reproduce
What steps did you take when the issue occurred?
Attempt to log in with invalid credentials (bad username or password).
If the error message states "wrong password", you now know a valid username against which you can perform password guessing.
Expected behavior
The error should be generic. If it were, this type of user enumeration would not be possible, increasing the difficulty of attacks.
Screenshots
Operating system:
Ubuntu 22.04
CyberPanel version:
2.3