Added usleep :(

Signed-off-by: snipe <snipe@snipe.net>
snipe 2022-02-15 18:09:58 -08:00
parent 321be4733d
commit 178e440951


@ -87,6 +87,8 @@ class ForgotPasswordController extends Controller
\Log::info('Password reset attempt: User '.$request->input('username').'failed with exception: '.$e );
}
// Prevent timing attack to enumerate users.
usleep(500000 + random_int(0, 1500000));
if ($response === \Password::RESET_LINK_SENT) {
\Log::info('Password reset attempt: User '.$request->input('username').' WAS found, password reset sent');
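Review bot: The added `usleep(500000 + random_int(0, 1500000))` only adds noise on top of the found/not-found timing difference, so the difference can still be recovered by averaging repeated requests. It also holds a PHP worker for 0.5–2 s on every unauthenticated request. A sturdier approach is to make both paths cost the same, either by sending the reset mail from a queue or by recording `hrtime(true)` at the top of the method and sleeping only for the remainder of a fixed target duration. It is also worth confirming that this route is throttled, which the hunk does not show. Separately, `$response` appears to be assigned only inside the `try` that ends just above, so after an exception the `if ($response === \Password::RESET_LINK_SENT)` check would read an undefined variable; a `$response = null;` before the `try` would cover that. The enclosing method starts and ends outside the hunk.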