You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We should have a limit on that. And since this has potential to lock users out of their accounts if we ever change the password max length, we should have some sort of test to ensure that the limit doesn't tighten if we change the registration password length.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
The app is susceptible to DOS via scrypt by allowing arbitrary length input on the
LoginForm
.hushline/hushline/routes.py
Lines 71 to 73 in 53c65ee
Describe the solution you'd like
We should have a limit on that. And since this has potential to lock users out of their accounts if we ever change the password max length, we should have some sort of test to ensure that the limit doesn't tighten if we change the registration password length.
The text was updated successfully, but these errors were encountered: