|
|
|
|
|
|
by nick__m
1368 days ago
|
|
|
You would have to randomize the error when the wrong password is inputed and ensure that for a particular username the returned error is invariant. Else an attacker could infer that when you get a different error you have a correct password. |
|
|