Mirror of https://github.com/dani-garcia/vaultwarden.git, synchronized 2024-06-30 19:24:42 +02:00
vaultwarden/src
Jeremy Lin 88bea44dd8 Prevent user enumeration via password hints
When `show_password_hint` is enabled but mail is not configured, the previous
implementation returned a differentiable response for non-existent email
addresses.

Even if mail is enabled, there is a timing side channel since mail is sent
synchronously. Add a randomized sleep to mitigate this somewhat.
2021-07-10 01:21:27 -07:00
..
api Prevent user enumeration via password hints 2021-07-10 01:21:27 -07:00
db Fix clippy lints 2021-06-19 22:02:03 +02:00
static Multiple Admin Interface fixes and some others. 2021-06-19 19:22:19 +02:00
auth.rs Remove unused lifetime and double referencing 2021-06-26 13:35:09 +02:00
config.rs Disable show_password_hint by default 2021-07-10 01:20:37 -07:00
crypto.rs Rework file ID generation 2021-05-25 23:15:24 -07:00
error.rs Formatting 2021-06-26 14:21:58 +02:00
mail.rs Updated branding, email and crates 2021-05-08 17:46:31 +02:00
main.rs Formatting 2021-06-26 14:21:58 +02:00
util.rs Load RSA keys as pem format directly, and using openssl crate, backported from async branch 2021-06-25 20:53:26 +02:00