Issue #391 has been updated by Clément OUDOT.
Thanks for your code, we will work on it. ---------------------------------------- Bug #391: Email based password reset allows brute force attack using wildcard * http://tools.lsc-project.org/issues/391 Author: Joe Campbell Status: New Priority: High Assigned to: Category: Self Service Password Target version: self-service-password-? The email based password reset allows an individual to test for user names to attack by using '*' wildcards. i.e. you can enter jc* in the username and it will return an error to you that indicates if it found a user name that matches by starting with the letters j and c. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
