Possible probing attack using login failure
Bug #457434 reported by root
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
psiphon | Confirmed | Unknown | Unassigned | |
Bug Description
Login exams take longer if you put in a wrong password. It's important to figure out if this could be used as a probe for valid user IDs since the system's behaviour is contingent on a valid email address.
Changed in psiphon:
status: New → Confirmed
visibility: private → public
tags: added: category3
I think the feature you're referring to is the growing login delay on invalid password for valid username/email.
So, leaving this here but lowering priority.
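An added example, not part of the original bug report or psiphon's code: it models a login delay that grows only for registered identifiers, as the comment above describes, beside a variant that applies the same delay to any submitted identifier so the timing no longer depends on account existence. The class and function names, the doubling schedule and the sample accounts are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

REGISTERED = {"alice@example.org"}   # constructed sample account
BASE_DELAY, MAX_DELAY = 1.0, 60.0    # seconds; assumed schedule, not psiphon's

def backoff(failures):
    """Delay before the next attempt after `failures` consecutive failures."""
    return 0.0 if failures == 0 else min(BASE_DELAY * 2 ** (failures - 1), MAX_DELAY)

class LeakyThrottle:
    """Grows the delay only for registered identifiers (the reported behaviour)."""
    def __init__(self):
        self.failures = defaultdict(int)

    def record_failure(self, identifier):
        if identifier in REGISTERED:          # unknown identifiers are never slowed
            self.failures[identifier] += 1

    def delay(self, identifier):
        return backoff(self.failures.get(identifier, 0))

class UniformThrottle(LeakyThrottle):
    """Grows the delay for every submitted identifier, registered or not."""
    @staticmethod
    def _key(identifier):
        # Normalise, then hash so mistyped or unknown identifiers are not kept in clear.
        return hashlib.sha256(identifier.strip().lower().encode()).hexdigest()

    def record_failure(self, identifier):
        self.failures[self._key(identifier)] += 1

    def delay(self, identifier):
        return backoff(self.failures.get(self._key(identifier), 0))

def delay_profile(throttle, identifier, attempts=4):
    """Delays a client would observe across `attempts` failed logins."""
    profile = []
    for _ in range(attempts):
        throttle.record_failure(identifier)
        profile.append(throttle.delay(identifier))
    return profile

def leaks_account_existence(throttle_cls):
    """True if a registered and an unregistered identifier see different delays."""
    known = delay_profile(throttle_cls(), "alice@example.org")
    unknown = delay_profile(throttle_cls(), "nobody@example.org")
    return known != unknown
```

The uniform variant stores a counter for every distinct identifier submitted, so a real deployment would need to expire or bound those entries.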