Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Display message - On failed Login. #1149

Closed
cenasmynet opened this issue Jan 8, 2016 · 3 comments
Closed

Display message - On failed Login. #1149

cenasmynet opened this issue Jan 8, 2016 · 3 comments

Comments

@cenasmynet
Copy link

When you try to login in the teampass with a wrong user name you get "This user do not exist!" and with wrong password "Bad password for this account!", in the 2 cases the message to the user should be the same "Wrong user name or Password!" and internally log the message to the system with the Right message.

This give this kind of info to the end user is a security issue.
The attacker already know that the user name is rigth.

Best regards.
nilsteampassnet added a commit that referenced this issue Jan 11, 2016
@nilsteampassnet
2.1.25
ee90115 
Fixes for #1149, #1152
@cenasmynet
Copy link
Author

Is this kind of acess logged anyware?

Best regards.

@nilsteampassnet
Copy link
Owner

nilsteampassnet commented Jan 12, 2016 via email

@cenasmynet
Copy link
Author

Can you log that to syslog, the tried username, client ip and the messages (ok or error) . This will help alot.

nilsteampassnet added a commit that referenced this issue Jan 13, 2016
@nilsteampassnet
2.1.25
e1724c3 
Fix for #1152, #1153, #1149 (partially)
nilsteampassnet added a commit that referenced this issue Jan 19, 2016
@nilsteampassnet
2.1.25
ae1eb8e 
- #1149 log failed user authentication
- #1160 hidding user password change option if DUOSecurity
- add new item from API (for teampass-connect) (not yet tested)
- code source cosmetic changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nilsteampassnet @cenasmynet