Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-2261

Don't give password hints

    XMLWordPrintable

    Details

    • keywords:
      Login, Authentication
    • Similar issues:

      Description

      Whenever you try to login with a wrong username or wrong password, XWiki shouldn't tell the user which one is not correct as that may eases login-attacks.

      Instead of "Wrong password" / "Wrong user name" XWiki should simply write something like "Ooops, you made a mistake, try again"

        Attachments

          Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-3618 XWiki login should not differentiate between invalid user and invalid password

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-4804 Put back specialized error message when user or password is empty on login page

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              Assignee:
              vmassol Vincent Massol
              Reporter:
              squirrel Squirrel
              Votes:
              1 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response: