damen-dotcms changed the title from "[Security] : Analyze response payload size of failed and successful authentication requests" to "Analyze response payload size of failed and successful authentication requests" on Feb 15, 2023
Parent Issue
#23915
Task
Use Case scenario provided by Mehdi Karimi.
When a user fails to log into dotCMS, the payload in the Response object is very small: it only carries an error message indicating that the login failed. When authentication succeeds, the payload is much larger because it carries the map of User data along with additional properties.
In a local environment, the difference in payload sizes looks like this:
This could give an attacker a clue to deduce that a user exists, based on the timing and the amount of data received back when the login happens.
Proposed Objective
Security & Privacy
Proposed Priority
Priority 2 - Important
Acceptance Criteria
Come up with an effective solution to make authentication payload sizes as even as possible.
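One way to meet this criterion is to pad every login response with JSON whitespace up to a fixed bucket size, so a failed and a successful login produce the same Content-Length, and to measure the remaining spread between outcomes. The following is an added example, not dotCMS code; the field names, the 1024-byte bucket and the sample payloads are constructed for illustration.

```python
import json

BUCKET = 1024  # Constructed target size; must exceed the largest legitimate auth payload.


def normalize_auth_response(payload: dict, bucket: int = BUCKET) -> bytes:
    """Serialize a login response and pad it with JSON whitespace so every
    outcome has an identical Content-Length of exactly one bucket."""
    body = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    # Round up to the next bucket boundary. Trailing spaces are legal JSON
    # whitespace, so clients parse the padded body unchanged.
    target = -(-len(body) // bucket) * bucket
    if target != bucket:
        # A payload spilling into a second bucket is distinguishable again;
        # fail loudly instead of silently shipping a response that leaks size.
        raise ValueError(f"payload {len(body)}B exceeds bucket {bucket}B")
    return body + b" " * (target - len(body))


def size_spread(responses: dict) -> int:
    """Difference in bytes between the largest and smallest response body.
    Zero means an observer cannot tell outcomes apart by Content-Length."""
    sizes = [len(b) for b in responses.values()]
    return max(sizes) - min(sizes)


# Constructed sample payloads; the schema is illustrative, not dotCMS's actual format.
RAW = {
    "failed": {"errors": [{"message": "Login failed"}], "entity": None},
    "success": {
        "errors": [],
        "entity": {
            "user": {"userId": "user-001", "emailAddress": "jane@example.com",
                     "firstName": "Jane", "lastName": "Doe", "roles": ["CMS User"]},
            "token": "<constructed-token>",
        },
    },
}


def demo() -> tuple:
    """Return (spread before padding, spread after padding) for the samples."""
    raw = {k: json.dumps(v).encode("utf-8") for k, v in RAW.items()}
    padded = {k: normalize_auth_response(v) for k, v in RAW.items()}
    return size_spread(raw), size_spread(padded)


if __name__ == "__main__":
    before, after = demo()
    print(f"size spread before padding: {before}B, after: {after}B")
```

Padding removes the size signal only; response timing still has to be kept uniform separately.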
External Links... Slack Conversations, Support Tickets, Figma Designs, etc.
No response
Assumptions & Initiation Needs
No response
Sub-Tasks & Estimates
No response