Massimiliano Perrone created SYNCOPE-1973:
---------------------------------------------

             Summary:   Security auth user enumeration hardening
                 Key: SYNCOPE-1973
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1973
             Project: Syncope
          Issue Type: Improvement
            Reporter: Massimiliano Perrone
            Assignee: Massimiliano Perrone
             Fix For: 4.0.7, 4.1.2, 5.0.0


Authentication failure responses should be hardened to avoid exposing
credential-specific details that could help an attacker distinguish between
unknown users, invalid passwords, or other authentication failure causes.

Add a configurable option to return a generic authentication failure message
for username/password authentication errors, while preserving backward
compatibility for existing deployments.
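To illustrate the change proposed above, here is an added example (not Syncope's own code) that contrasts the pre-hardening per-cause messages with a generic message selected by a hypothetical `genericFailureMessage` flag standing in for the configurable option; the account store, the `Cause` enum and the dummy-hash comparison for unknown users are assumptions of this example, and the failure detail is kept only in the server-side log.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

/** Added example, not Syncope code: generic vs. per-cause authentication failure messages. */
public class AuthFailureHardening {
    enum Cause { UNKNOWN_USER, BAD_PASSWORD, SUSPENDED }   // written to the server log only
    static final class AuthException extends Exception {
        AuthException(String msg) { super(msg); }
    }
    record Account(byte[] pwdHash, boolean suspended) {}
    private final boolean genericFailureMessage;   // hypothetical flag for the configurable option
    private final Map<String, Account> accounts;
    private static final byte[] DUMMY_HASH = sha256("placeholder"); // compared for unknown users

    AuthFailureHardening(boolean genericFailureMessage, Map<String, Account> accounts) {
        this.genericFailureMessage = genericFailureMessage;
        this.accounts = accounts;
    }

    void authenticate(String user, String pwd) throws AuthException {
        Account acct = accounts.get(user);
        // Always run the same hash comparison, so unknown and known users take the same path.
        byte[] expected = acct == null ? DUMMY_HASH : acct.pwdHash();
        boolean pwdOk = MessageDigest.isEqual(sha256(pwd), expected);
        Cause cause = acct == null ? Cause.UNKNOWN_USER
                : !pwdOk ? Cause.BAD_PASSWORD
                : acct.suspended() ? Cause.SUSPENDED : null;
        if (cause == null) return;
        // Keep the detail in the server log for operators; the client gets the configured text.
        System.err.println("authentication failed for '" + user + "': " + cause);
        throw new AuthException(genericFailureMessage ? "Invalid credentials" : legacyMessage(cause));
    }

    /** Pre-hardening behaviour, kept for backward compatibility: one message per cause. */
    private static String legacyMessage(Cause cause) {
        return switch (cause) {
            case UNKNOWN_USER -> "User not found";
            case BAD_PASSWORD -> "Invalid password";
            case SUSPENDED -> "User suspended";
        };
    }

    /** SHA-256 stands in for a real password hash (e.g. bcrypt/Argon2) to keep the example short. */
    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

With the flag set, a caller probing "User not found" versus "Invalid password" receives the same "Invalid credentials" text for both, while the log line still tells operators which case occurred.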



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
