Return the same error message from `/login` when password is incorrect and when account doesn't exist. (#12738)

author: Daniel Aloni <74783603+Danieloni1@users.noreply.github.com> 2022-06-07 17:58:48 +0300
committer: GitHub <noreply@github.com> 2022-06-07 14:58:48 +0000
commit: b5a3aecf18740fb699f871c8e1d110d847fea6d3 (patch)
tree: 2aa9222fac89627cb4e665cfe17ac8dcccf5aba6 /changelog.d
parent: Fix Synapse git info missing in version strings (#12973) (diff)
download: synapse-b5a3aecf18740fb699f871c8e1d110d847fea6d3.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/12738.misc b/changelog.d/12738.misc
new file mode 100644
index 0000000000..8252223475
--- /dev/null
+++ b/changelog.d/12738.misc
@@ -0,0 +1 @@
+Report login failures due to unknown third party identifiers in the same way as failures due to invalid passwords. This prevents an attacker from using the error response to determine if the identifier exists. Contributed by Daniel Aloni.
\ No newline at end of file
author	Daniel Aloni <74783603+Danieloni1@users.noreply.github.com>	2022-06-07 17:58:48 +0300
committer	GitHub <noreply@github.com>	2022-06-07 14:58:48 +0000
commit	b5a3aecf18740fb699f871c8e1d110d847fea6d3 (patch)
tree	2aa9222fac89627cb4e665cfe17ac8dcccf5aba6 /changelog.d
parent	Fix Synapse git info missing in version strings (#12973) (diff)
download	synapse-b5a3aecf18740fb699f871c8e1d110d847fea6d3.tar.xz