Skip to content


Here are 139 public repositories matching this topic...

aeneasr commented Nov 17, 2020

Describe the bug

Currently, login requests will fail faster if the user does not exist as the hash does not have to be computed. This can leave to timing attacks where an attacker can guess if a user exists or not, which defeats account enumeration defenses.

Expected behavior

Every login request should take a similar amount of time regardless of whether the user exists or not. The


OpenIDM is an open standards based Identity Management, Provisioning and Compliance solution. Experience shows that the most important features of an identity management product are: high flexibility in Business Process handling and compliance with open standards and interfaces. A highly flexible user interface combined with a very robust workflow engine make OpenIDM ready for any Identity Management project.

  • Updated Aug 8, 2019
  • Java

Improve this page

Add a description, image, and links to the identity-management topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the identity-management topic, visit your repo's landing page and select "manage topics."

Learn more

You can’t perform that action at this time.