Security issue
Closed this issue · 1 comments
am0d commented
I think that there is a security issue on the login page.
When login fails, the error message tells you whether you had a valid username or not. If the username is not in the system, the error message is (something like): "Invalid username".
When the password is wrong but the username is valid, it also tells you that the "Password was incorrect".
As far as I know, the standard procedure is to just say that "Either the username and / or the password was incorrect".
svenstaro commented
Fixed, thanks SameDifference!