View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
0013577 | CDash | | public | 2012-10-06 06:55 | 2012-10-18 03:17 |
|
Reporter | Jonnycake | |
Assigned To | Julien Jomier | |
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | |
Platform | | OS | | OS Version | |
Product Version | | |
Target Version | | Fixed in Version | 2.2 | |
|
Summary | 0013577: User Enumeration Vulnerability |
Description | User enumeration would allow an attacker to discover emails in the database. |
Steps To Reproduce | Input valid username/valid password: functions as expected.
Input valid username/invalid password: displays "Wrong username or password."
Input invalid username: displays "This user doesn't exist."
|
Additional Information | Quick fix, just change the text you display when an invalid username is input to that of a valid username/invalid password. |
|
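The behaviour reported above and the suggested fix, as an added Python sketch that is not CDash's own code. The in-memory store, the sample account and all function names are assumptions made for the illustration; the fixed handler also hashes the password for unknown accounts so both failure paths do the same work, which goes beyond what the report asks for.

```python
import hashlib
import hmac
import os

UNIFORM = "Wrong username or password."

def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count kept small so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_store(users):
    store = {}
    for email, pw in users.items():
        salt = os.urandom(16)
        store[email] = (salt, _hash(pw, salt))
    return store

# Constructed sample account, not taken from CDash.
STORE = make_store({"alice@example.org": "correct horse"})
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)

def login_before(email, password):
    """Behaviour described in the report: a distinct message per failure."""
    if email not in STORE:
        return False, "This user doesn't exist."
    salt, digest = STORE[email]
    if not hmac.compare_digest(_hash(password, salt), digest):
        return False, "Wrong username or password."
    return True, "OK"

def login_after(email, password):
    """Same message for both failures; the hash is always computed."""
    salt, digest = STORE.get(email, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash(password, salt), digest)
    if ok and email in STORE:
        return True, "OK"
    return False, UNIFORM

def leaks_account_existence(login, known_email, unknown_email):
    """Regression check: do the two failure responses differ?"""
    bad = "definitely-not-the-password"
    return login(known_email, bad) != login(unknown_email, bad)
```

`leaks_account_existence` can be kept as a regression test against the login handler so that a later change to the error text does not reintroduce the difference.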