Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.3, 1.3.1, 1.4 M1, 1.3.2, 1.4 M2, 1.4 RC1
-
Fix Version/s: 2.2 M2
-
Component/s: {Unused} Authentication and Rights Management
-
Labels:None
-
keywords:Login, Authentication
-
Similar issues:
Description
Whenever you try to login with a wrong username or wrong password, XWiki shouldn't tell the user which one is not correct as that may eases login-attacks.
Instead of "Wrong password" / "Wrong user name" XWiki should simply write something like "Ooops, you made a mistake, try again"
Attachments
Issue Links
- is duplicated by
-
XWIKI-3618 XWiki login should not differentiate between invalid user and invalid password
-
- Closed
-
- is related to
-
XWIKI-4804 Put back specialized error message when user or password is empty on login page
-
- Closed
-