Do not render a different view when user is found but password invalid #87

Merged
quentin merged 1 commit from fabientot/guichet:prevent-bruteforce-on-login-form into main 2025-03-26 08:27:32 +00:00

In order to prevent a brute-force attack, it is a good practice to not render a different view when the user exists but the password is invalid.
It prevents an enumeration of existing accounts that could lead to brute-force attacks.
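
The enumeration problem described above, as an added Go example that is not guichet's own code: the handler, the sample account and all helper names are hypothetical. `leaksAccounts` is the kind of regression check that catches a login form whose failure view differs between a known and an unknown user.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Constructed sample account; plaintext only to keep the example short.
var users = map[string]string{"alice": "correct horse"}

// loginHandler (hypothetical): uniform=true renders one view for every failure.
func loginHandler(uniform bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		want, found := users[r.FormValue("username")]
		match := subtle.ConstantTimeCompare([]byte(r.FormValue("password")), []byte(want)) == 1
		switch {
		case found && match:
			fmt.Fprint(w, "Welcome")
		case uniform:
			http.Error(w, "Invalid username or password", http.StatusUnauthorized)
		case !found:
			http.Error(w, "Unknown user", http.StatusNotFound)
		default:
			http.Error(w, "Wrong password", http.StatusUnauthorized)
		}
	}
}

// attempt submits one set of credentials and returns status code and body.
func attempt(h http.Handler, user, pass string) (int, string) {
	req := httptest.NewRequest("POST", "/login", nil)
	req.Form = url.Values{"username": {user}, "password": {pass}}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

// leaksAccounts reports whether a failed login differs for a known and an unknown user.
func leaksAccounts(h http.Handler) bool {
	c1, b1 := attempt(h, "alice", "bad")
	c2, b2 := attempt(h, "nobody", "bad")
	return c1 != c2 || b1 != b2
}

func main() {
	fmt.Println(leaksAccounts(loginHandler(false)), leaksAccounts(loginHandler(true)))
}
```
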
fabientot added 1 commit 2025-03-25 10:51:34 +00:00
Do not render a different view when user is found
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending approval
c70bd116b6
fabientot changed title from Do not render a different view when user is found to Do not render a different view when user is found but password invalid 2025-03-25 10:56:09 +00:00
fabientot force-pushed prevent-bruteforce-on-login-form from c70bd116b6 to 0340e6df2f 2025-03-25 11:13:57 +00:00
fabientot force-pushed prevent-bruteforce-on-login-form from 0340e6df2f to f3ca42e37b 2025-03-25 11:14:28 +00:00
fabientot force-pushed prevent-bruteforce-on-login-form from f3ca42e37b to d37b92f422 2025-03-25 11:14:59 +00:00
fabientot force-pushed prevent-bruteforce-on-login-form from d37b92f422 to 8c894a88d9 2025-03-25 11:15:59 +00:00
fabientot force-pushed prevent-bruteforce-on-login-form from 8c894a88d9 to b319421c1f 2025-03-25 11:29:08 +00:00
quentin merged commit 3095f1726e into main 2025-03-26 08:27:32 +00:00
Reference: Deuxfleurs/guichet#87