MantisBT - CDash |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0013577 | CDash | | public | 2012-10-06 06:55 | 2012-10-18 03:17 |
|
| Reporter | Jonnycake | |
| Assigned To | Julien Jomier | |
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | 2.2 | |
|
| Summary | 0013577: User Enumeration Vulnerability |
| Description | User enumeration would allow an attacker to discover emails in the database. |
| Steps To Reproduce | Input valid username/valid password: functions as expected.
Input valid username/invalid password: displays "Wrong username or password."
Input invalid username: displays "This user doesn't exist."
|
| Additional Information | Quick fix, just change the text you display when an invalid username is input to that of a valid username/invalid password. |
| Tags | No tags attached. |
| Relationships | |
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2012-10-06 06:55 | Jonnycake | New Issue | |
| 2012-10-18 03:11 | Julien Jomier | Assigned To | => Julien Jomier |
| 2012-10-18 03:11 | Julien Jomier | Status | new => assigned |
| 2012-10-18 03:17 | Julien Jomier | Note Added: 0031256 | |
| 2012-10-18 03:17 | Julien Jomier | Status | assigned => resolved |
| 2012-10-18 03:17 | Julien Jomier | Fixed in Version | => 2.2 |
| 2012-10-18 03:17 | Julien Jomier | Resolution | open => fixed |