-
-
Notifications
You must be signed in to change notification settings - Fork 532
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Display message - On failed Login. #1149
Comments
nilsteampassnet
added a commit
that referenced
this issue
Jan 11, 2016
Is this kind of acess logged anyware? Best regards. |
No this is currently not.
But it can be added.
|
Can you log that to syslog, the tried username, client ip and the messages (ok or error) . This will help alot. |
nilsteampassnet
added a commit
that referenced
this issue
Jan 13, 2016
nilsteampassnet
added a commit
that referenced
this issue
Jan 19, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When you try to login in the teampass with a wrong user name you get "This user do not exist!" and with wrong password "Bad password for this account!", in the 2 cases the message to the user should be the same "Wrong user name or Password!" and internally log the message to the system with the Right message.
This give this kind of info to the end user is a security issue.
The attacker already know that the user name is rigth.
Best regards.
The text was updated successfully, but these errors were encountered: