fix: enumeration attack vector on login form

2025-07-11 04:19:25 +00:00 · 2025-06-25 14:42:17 +02:00
parent a7f4630d13
commit 02ef8fdb88
4 changed files with 58 additions and 35 deletions
--- a/core/templates/core/login.jinja
+++ b/core/templates/core/login.jinja
@ -26,9 +26,11 @@
    {% endif %}
  {% endif %}

-  <form method="post" action="{{ url('core:login') }}">
+  <form method="post" action="{{ url('core:login') }}" id="login-form">
    {% if form.errors %}
-      <p class="alert alert-red">{% trans %}Your username and password didn't match. Please try again.{% endtrans %}</p>
+      <p class="alert alert-red">
+        {% trans %}Your credentials didn't match. Please try again.{% endtrans %}
+      </p>
    {% endif %}

    {% csrf_token %}