Hydro icon indicating copy to clipboard operation
Hydro copied to clipboard
verified publisher icon hydro-dev

Unify authentication error messages to prevent username enumeration

Open 15921483570 opened this issue 2 months ago • 2 comments

packages/hydrooj/src/error.ts:

用户名以及密码错误均使用“用户名或密码错误”,防止用户名被枚举+密码爆破导致后台被控制。

packages/hydrooj/locales/zh.yaml:

增加翻译: Invalid username or password.: 用户名或密码错误。

Summary by CodeRabbit

  • Bug Fixes
    • Authentication error messages for login failures are now consistent and generic across scenarios.
  • Localization
    • Added Chinese translation for the generic login failure message.

15921483570 avatar Nov 14 '25 07:11 15921483570