Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Enumeration vulnerability mitigation

‎11-23-2016 04:24 AM
‎11-23-2016 04:24 AM

User Enumeration vulnerability mitigation

Hello,

 

Among various security vulnerabilities, Magento 1 had one known as User Enumeration

For example, it was possible to reproduce it by trying to register new account - if email of existing registered customer is being used during registration of new customer the system will explicitly notify user about this, thus valid username will be revealed.

Is it mitigated somehow in Magento 2? In which way?

 

Thank you

0 Kudos
1 REPLY 1
‎11-23-2016 11:32 AM
‎11-23-2016 11:32 AM

Re: User Enumeration vulnerability mitigation

I will pass this on to the security team to check. It is always a challenge with such a big surface area of the product (lots of pages, APIs, etc available over the web) to make sure they are all protected. But agree, this should be on the list if not already done.

 

Talking about security in public is always a challenge as you want to help merchants without helping the bad guys as well.

0 Kudos