-
Type:
Problem report
-
Resolution: Fixed
-
Priority:
Major
-
Affects Version/s: 4.0.1
-
Component/s: API (A)
-
Sprint 46, Nov 2018, Sprint 47, Dec 2018
-
0.5
Steps to reproduce:
- Use an ipv6 internet connection
- Navigate to login screen
- Use a valid username with a wrong password
- Click "Sign in"
Result:
See screenshot...
This in fact an information disclosure vulnerability, since you can search for existing user accounts that way. I asked for an alternative way to submit this issue, but didn't get an answer for about two weeks.
