Security Improvement: User accounts are testable
------------------------------------------------
Key: MAGNOLIA-3347
URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3347
Project: Magnolia
Issue Type: Improvement
Components: admininterface
Reporter: Martin Ruf
Assignee: Philipp Bärfuss
User accounts can be tested very easily, there are three (or more) different
error messages when login fails:
- user deactivated
- wrong password
- user does not exist
Knowing valid user accounts can be used as a basis for brute force attacks, a
generic error message should be shown ("login failed" or something like that).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
