fleet

mirror of https://github.com/fleetdm/fleet synced 2026-05-06 06:48:54 +00:00

History

Zach Wasserman fb9706912d Prevent user enumeration (#533 ) - Return same error in all cases for login endpoint. - Log error details in server logs. - Make most login errors take ~1s to prevent timing attacks. - Don't return forgot password errors. - Log password errors in server logs. - Make most forgot password requests take ~1s to prevent timing attacks. Fixes #531	2021-03-24 19:36:30 -07:00
..
fleet	Make host identifier configurable within Fleet (#417 )	2021-03-08 18:35:17 -08:00
fleetctl	Prevent user enumeration (#533 )	2021-03-24 19:36:30 -07:00

- Return same error in all cases for login endpoint.
- Log error details in server logs.
- Make most login errors take ~1s to prevent timing attacks.
- Don't return forgot password errors.
- Log password errors in server logs.
- Make most forgot password requests take ~1s to prevent timing attacks.

Fixes #531

2021-03-24 19:36:30 -07:00

fleet

Make host identifier configurable within Fleet (#417 )

2021-03-08 18:35:17 -08:00

fleetctl

Prevent user enumeration (#533 )

2021-03-24 19:36:30 -07:00