MantisBT - CDash |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0013577 | CDash | | public | 2012-10-06 06:55 | 2012-10-18 03:17 |
|
Reporter | Jonnycake | |
Assigned To | Julien Jomier | |
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | |
Platform | | OS | | OS Version | |
Product Version | | |
Target Version | | Fixed in Version | 2.2 | |
|
Summary | 0013577: User Enumeration Vulnerability |
Description | User enumeration would allow an attacker to discover emails in the database. |
Steps To Reproduce | Input valid username/valid password: functions as expected.
Input valid username/invalid password: displays "Wrong username or password."
Input invalid username: displays "This user doesn't exist."
|
Additional Information | Quick fix, just change the text you display when an invalid username is input to that of a valid username/invalid password. |
Tags | No tags attached. |
Relationships | |
Attached Files | |
|
Issue History |
Date Modified | Username | Field | Change |
2012-10-06 06:55 | Jonnycake | New Issue | |
2012-10-18 03:11 | Julien Jomier | Assigned To | => Julien Jomier |
2012-10-18 03:11 | Julien Jomier | Status | new => assigned |
2012-10-18 03:17 | Julien Jomier | Note Added: 0031256 | |
2012-10-18 03:17 | Julien Jomier | Status | assigned => resolved |
2012-10-18 03:17 | Julien Jomier | Fixed in Version | => 2.2 |
2012-10-18 03:17 | Julien Jomier | Resolution | open => fixed |