techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
9e2a9f5ee6
authelia/SECURITY.md
James Elliott e95c6a294d
[HOTFIX] Prevent Username Enumeration (#950) 
* [HOTFIX] Prevent Username Enumeration

* thanks to TheHllm for identifying the bug: https://github.com/TheHllm
* temporarily prevents username enumeration with file auth
* proper calculated and very slightly random fix to come

* closely replicate behaviour

* allow error to bubble up

* Synchronize security documentation.

Co-authored-by: Clement Michaud <clement.michaud34@gmail.com>
2020-05-02 00:32:09 +02:00

644 B
Raw Blame History

Security

Authelia takes security very seriously. We follow the rule of responsible disclosure, and we encourage the community to as well.

If you discover a vulnerability in Authelia, please first contact clems4ever on Matrix or by email.

For details about security measures implemented in Authelia, please follow this link and for reading about the threat model follow this link.