1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
index 602785fe22..98a3365f05 100644
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -161,7 +161,8 @@ class LoginRestServlet(RestServlet):
if not username:
if medium and address:
# The user attempted to login via threepid and failed
- # Record this failed attempt
+ # Record this failed attempt using the threepid as a key, as otherwise
+ # the user could bypass the ratelimiter by not providing a username
self._failed_attempts_ratelimiter.can_do_action(
(medium, address.lower())
)
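Review bot: The return value of `self._failed_attempts_ratelimiter.can_do_action(...)` is discarded on the last lines of the hunk, so whether the limit is actually enforced on this threepid path depends on the ratelimiter raising rather than returning a verdict, which cannot be seen from here. If it only returns a verdict, a failed threepid login is counted under `(medium, address.lower())` but the caller never acts on it, and the new comment's rationale (no bypass by omitting the username) would not hold for this branch. Worth confirming against the ratelimiter and then stating it in the comment, e.g. `# Return value intentionally ignored: the ratelimiter raises once the limit is hit`, or handling the returned verdict if it does not raise. The enclosing method body starts and ends outside the hunk.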