Login fields inaccurate/unsafe error messages #287

Open
swxk19 opened this issue Nov 4, 2023 · 0 comments
Labels
bug Something isn't working priority.low Nice to fix, but not essential

swxk19 (Contributor) commented Nov 4, 2023

'Account does not exist' seems inaccurate for empty username field

In general it might be easier and safer to give more generic error messages, to avoid being prone to oracle attacks (a user is informed if account exists, but wrong password), especially since we do not have limited login attempts.

An improvement can be just to say 'Invalid login credentials' for most scenarios.

@swxk19 swxk19 added the bug Something isn't working label Nov 4, 2023
@EvitanRelta EvitanRelta added the priority.low Nice to fix, but not essential label Nov 14, 2023
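
A sketch of the generic-message approach suggested in the issue, as an added example that is not the project's own code. It assumes Python, an in-memory user store and PBKDF2 hashing (all hypothetical names and choices), and goes one step beyond the message text by doing the same hashing work for unknown usernames so response time does not act as a second oracle.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid login credentials"  # wording proposed in the issue


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 is an assumption; the page does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample store standing in for the real user database.
USERS = {"alice": make_record("correct horse")}

# Dummy record: unknown usernames still cost one full hash computation,
# so response time does not reveal whether the account exists.
_DUMMY = make_record("placeholder")


def login(username, password):
    """Return (ok, message); every failure path returns the same message."""
    record = USERS.get((username or "").strip())
    known = record is not None
    if not known:
        record = _DUMMY
    candidate = hash_password(password or "", record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    if known and matches:
        return True, "Login successful"
    return False, GENERIC_ERROR


def distinct_failure_messages():
    """Messages seen across the failure cases the issue is concerned with."""
    attempts = [("", ""), ("alice", ""), ("alice", "wrong"), ("mallory", "wrong")]
    return {login(user, pw)[1] for user, pw in attempts}


if __name__ == "__main__":
    print(login("alice", "correct horse"))
    print(distinct_failure_messages())
```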