Diffstat (limited to 'lib/users/auth')
-rw-r--r--lib/users/auth/verifyCredentails.ts1
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/users/auth/verifyCredentails.ts b/lib/users/auth/verifyCredentails.ts
index 5cb9c24f..8cb3c434 100644
--- a/lib/users/auth/verifyCredentails.ts
+++ b/lib/users/auth/verifyCredentails.ts
@@ -315,6 +315,7 @@ export async function verifyExternalCredentials(
// 타이밍 공격 방지를 위해 가짜 해시 연산
await bcrypt.compare(password, '$2a$12$fake.hash.to.prevent.timing.attacks');
await logLoginAttempt(username, null, false, 'INVALID_CREDENTIALS');
+ // 보안상 계정 존재 여부와 비밀번호 오류를 구분하지 않습니다
return { success: false, error: 'INVALID_CREDENTIALS' };
}
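Review bot: The comment added before the `return` says account existence and a wrong password are not distinguished, but the timing equalisation it relies on may not hold: the placeholder passed to `bcrypt.compare` two lines above is not a well-formed 60-character bcrypt hash. A bcrypt library can reject such a string without doing the cost-12 work (bcryptjs, for one, returns false immediately on a wrong-length hash), so the unknown-user path would finish measurably faster than a real comparison. Which bcrypt package is imported is not visible in this hunk, so confirm its behaviour. A robust fix is to compare against a genuine hash generated once at the same cost, for example `const DUMMY_HASH = bcrypt.hashSync(randomBytes(32).toString('hex'), 12);` at module scope and `await bcrypt.compare(password, DUMMY_HASH);` here. The enclosing branch of `verifyExternalCredentials` starts outside the hunk, so the valid-user path could not be checked for the same cost factor.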