mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Added usleep :(
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
321be4733d
commit
178e440951
|
@ -87,6 +87,8 @@ class ForgotPasswordController extends Controller
|
|||
\Log::info('Password reset attempt: User '.$request->input('username').'failed with exception: '.$e );
|
||||
}
|
||||
|
||||
// Prevent timing attack to enumerate users.
|
||||
usleep(500000 + random_int(0, 1500000));
|
||||
|
||||
if ($response === \Password::RESET_LINK_SENT) {
|
||||
\Log::info('Password reset attempt: User '.$request->input('username').' WAS found, password reset sent');
|
||||
|
|
Loading…
Reference in a new issue