servnest
/
servnest
1
1
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Hide whether an account exists or not #12

New Issue
Open
opened 2024-02-14 18:47:21 +01:00 by miraty · 0 comments
miraty commented 2024-02-14 18:47:21 +01:00
Owner
Copy Link

Currently, /auth/login indicates whether the tried username exists or not. To fix this privacy issue, the same message should be answered if the username doesn't exists and if the password is wrong. The answer should also be constant time to avoid timing attacks.

Currently, `/auth/login` indicates whether the tried username exists or not. To fix this privacy issue, the same message should be answered if the username doesn't exists and if the password is wrong. The answer should also be constant time to avoid timing attacks.
miraty added the
Security
auth
 labels 2024-02-14 18:47:22 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
dev
Labels
Clear labels   
Accessibility

Provide optimal access for every use case

  
Anti-spam

Prevent abuse of the service

  
auth

   
Bug

   
CSS

Page graphical display

  
Feature request

   
ht

Hypertext service

  
HTML

Page structure

  
ns

Nameserver service

  
reg

Domain registry service

  
Security

Protect integrity, confidentiality and disponibility of the service and users data

No Label
Accessibility
Anti-spam
auth
Bug
CSS
Feature request
ht
HTML
ns
reg
Security
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: servnest/servnest#12
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?