User Agent: Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0 (Beta/Release)
Build ID: 20140605174243

Steps to reproduce:
Create username "Newuser1"
Login username "newuser1"

Actual results:
Login is successful

Expected results:
The login shall be denied
Hi, could you please check and try again? I was able to log in successfully.
Yeah, he is correct: the login form is not case sensitive; it logs you in if you enter the user name in upper, lower or mixed case. This is good because it avoids the possibility of registering and logging in several different users with the same username in a different case mix. My question is whether we should remove the username from the alert message shown if login failed due to a mismatched password. (Alert message: "Please enter a correct username and password. Note that both fields are case-sensitive")
So this bug turns out to be just about changing the string instead?
In general, we don't tell the user whether it was the username or the password that was wrong, because doing so reveals information about user accounts, which makes brute force attacks easier. This situation is the same.
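Added example, not part of the original thread and not the project's code: a minimal Python sketch of the two behaviours discussed above, case-insensitive username matching and a single generic failure message. The in-memory store, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# One message for every failure, so the response never reveals
# whether the username exists (wording is a constructed sample).
GENERIC_ERROR = "Please enter a correct username and password."

_users = {}  # hypothetical store: normalized username -> (salt, hash)
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = os.urandom(32)  # random, so no password can match it


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def normalize(username):
    # Same key at registration and login: "Newuser1" == "newuser1".
    return unicodedata.normalize("NFKC", username).casefold()


def register(username, password):
    key = normalize(username)
    if key in _users:
        return False  # a case variant of an existing name is refused
    salt = os.urandom(16)
    _users[key] = (salt, _hash(password, salt))
    return True


def login(username, password):
    key = normalize(username)
    found = key in _users
    # Unknown users still cost one hash computation, so response time
    # does not separate "no such user" from "wrong password".
    salt, stored = _users.get(key, (_DUMMY_SALT, _DUMMY_HASH))
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if found and matches:
        return (True, "")
    return (False, GENERIC_ERROR)


if __name__ == "__main__":
    register("Newuser1", "s3cret")
    print(login("newuser1", "s3cret"))  # different case, same account
    print(login("newuser1", "wrong"))   # wrong password
    print(login("nobody", "wrong"))     # unknown user, same response
```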
Closing need-info request.