Opened 5 years ago

Closed 5 years ago

#1812 closed bug (fixed)

Wrong password or username should result in same error message

Reported by: shevek Owned by: sitatara
Priority: major Milestone: 2.0
Component: FrameWork Keywords: Login
Cc:

Description (last modified by sitatara)

Currently if you enter a username and the incorrect password you're informed that the username exists as you're told that the password wasn't correct.

As a simple means to increase security the message should be 'Login failed as either username or password wasn't correct'.


Related ticket: #1575

Change History (10)

comment:1 in reply to: ↑ description Changed 5 years ago by shevek

Related ticket 250

comment:2 Changed 5 years ago by crumbking

I hope this is a wordcode so this issue could be a job for the translation team. We just need to find out the wordcode and post it in the notification thread.

comment:3 Changed 5 years ago by crumbking

It's not a wordcode ;-)

Start at line /build/login/login.ctrl.php:56

comment:4 Changed 5 years ago by shevek

  • Milestone changed from unassigned to 1.3
  • Owner set to shevek
  • Status changed from new to assigned

Great. That means the message isn't even translatable. I assign that ticket to me and fix it together with 250 for 1.3.

comment:5 Changed 5 years ago by shevek

  • Milestone changed from 1.3 to unassigned

Unassigned from 1.3.

comment:6 Changed 5 years ago by sitatara

  • Description modified (diff)

comment:7 Changed 5 years ago by sitatara

  • Milestone changed from unassigned to 2.0
  • Owner changed from shevek to sitatara

The same error message is now shown for wrong username and wrong password: https://gitorious.org/bewelcome/rox/commit/e157ca15eede277bcd435407d08010bd303239a5

Please test locally.

comment:8 Changed 5 years ago by sitatara

  • Status changed from assigned to to_alpha

comment:9 Changed 5 years ago by sitatara

  • Status changed from to_alpha to testing

comment:10 Changed 5 years ago by shevek

  • Resolution set to fixed
  • Status changed from testing to closed

Same message is shown to the user now. Closed as fixed.

Note: See TracTickets for help on using tickets.