When `show_password_hint` is enabled but mail is not configured, the previous implementation returned a differentiable response for non-existent email addresses. Even if mail is enabled, there is a timing side channel since mail is sent synchronously. Add a randomized sleep to mitigate this somewhat.

pull/1848/head
Jeremy Lin
4 years ago
1 changed files with 35 additions and 14 deletions
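The two leaks named in the commit message, shown as an added Python sketch that is not the project's code: a handler whose reply and timing differ for unknown addresses, beside one that returns the same reply and substitutes a randomized delay for the mail that is not sent. The account table, reply strings, function names and the 900 to 1100 ms delay window are assumptions made for illustration.

```python
import secrets
import time

# Constructed sample accounts (email -> stored hint, None = no hint set).
USERS = {"alice@example.com": "first pet", "bob@example.com": None}

SENT = "If your account exists, the password hint has been sent to it."
NO_HINT = "Sorry, you have no password hint."


def jitter_seconds(base_ms=1000, spread_ms=100):
    """Random delay around base_ms, drawn from the OS CSPRNG (assumed window)."""
    return (base_ms - spread_ms + secrets.randbelow(2 * spread_ms + 1)) / 1000


def hint_leaky(email, mail_enabled, send_mail):
    """'Before' shape: an unknown address gets its own reply and returns early."""
    if email not in USERS:
        return "No account exists for that address."  # differentiable response
    hint = USERS[email]
    if mail_enabled:
        send_mail(email, hint)  # only known addresses pay the send latency
        return SENT
    return f"Your password hint is: {hint}" if hint else NO_HINT


def hint_uniform(email, mail_enabled, send_mail, sleep=time.sleep):
    """'After' shape: unknown and hint-less accounts look the same to the caller."""
    known = email in USERS
    hint = USERS.get(email)
    if mail_enabled:
        if known:
            send_mail(email, hint)   # synchronous send takes noticeable time
        else:
            sleep(jitter_seconds())  # stands in for the send that did not happen
        return SENT
    # Mail disabled: an unknown address gets the same reply as an empty hint.
    return f"Your password hint is: {hint}" if hint else NO_HINT
```

With hints displayed directly, an account that has a hint set remains distinguishable from an unknown one; the uniform handler only removes the difference between unknown addresses and accounts without a hint.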