-
Problem report
-
Resolution: Fixed
-
Major
-
4.0.1
-
Team B
-
Sprint 46, Nov 2018, Sprint 47, Dec 2018
-
0.5
Steps to reproduce:
- Use an ipv6 internet connection
- Navigate to login screen
- Use a valid username with a wrong password
- Click "Sign in"
Result:
See screenshot...
This in fact an information disclosure vulnerability, since you can search for existing user accounts that way. I asked for an alternative way to submit this issue, but didn't get an answer for about two weeks.
