When the `signIn` fails due to a wrong username or wrong password, the response error actually says either `wrong username` or `wrong password`.
This is a security vulnerability. Firstly, it tells the attacker that they've got the username right, and secondly, it allows the attacker to check your system against existing email databases and know who's actually registered in the system.
The failure message should just say 'wrong username or password'. Don't even mention 'email'.
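The fix requested above, as an added example that is not the project's code: the user store, function names and e-mail addresses are hypothetical and constructed for illustration. It goes one step beyond the message text by doing the same hashing work for unknown accounts, so response time does not reveal what the message no longer does.

```javascript
// Added example; every name and value here is hypothetical, not the project's API.
const crypto = require('node:crypto');

const hash = (password, salt) => crypto.scryptSync(password, salt, 32);

function makeUser(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: hash(password, salt) };
}

// Constructed sample user store, keyed by e-mail.
const users = new Map([['alice@example.com', makeUser('correct horse')]]);

// Placeholder record so a lookup miss still costs one full hash computation.
const DUMMY = makeUser(crypto.randomBytes(16).toString('hex'));

// Behaviour reported in the issue: the error says which field was wrong.
function signInLeaky(email, password) {
  const user = users.get(email);
  if (!user) return { ok: false, error: 'wrong username' };
  const match = crypto.timingSafeEqual(hash(password, user.salt), user.hash);
  return match ? { ok: true } : { ok: false, error: 'wrong password' };
}

// Hardened: one message and the same work for every failure.
function signIn(email, password) {
  const user = users.get(email);
  const record = user || DUMMY;
  const match = crypto.timingSafeEqual(hash(password, record.salt), record.hash);
  return user && match
    ? { ok: true }
    : { ok: false, error: 'wrong username or password' };
}

// Regression check: with a wrong password, does the response differ
// depending on whether the account exists?
function leaksAccountExistence(signInFn, knownEmail, unknownEmail) {
  const known = JSON.stringify(signInFn(knownEmail, 'not-the-password'));
  const unknown = JSON.stringify(signInFn(unknownEmail, 'not-the-password'));
  return known !== unknown;
}
```

Sign-up and password-reset responses can reveal the same fact and need the same uniform treatment.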