Symptom:
If authentication failed when using AuthMinder, different error messages were displayed for incorrect user name and incorrect password. This enabled internal users to generate a list of valid contact IDs, thereby speeding up password guessing attacks.
Solution:
This issue has now been resolved. Authentication failure is conveyed using a generic message in case of both incorrect user name and incorrect password.
|
Copyright © 2013 CA.
All rights reserved.
|
|