Diffstat (limited to 'lib/users')
| -rw-r--r-- | lib/users/auth/verifyCredentails.ts | 1 | ||||
| -rw-r--r-- | lib/users/session/helper.ts | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/lib/users/auth/verifyCredentails.ts b/lib/users/auth/verifyCredentails.ts
index 5cb9c24f..8cb3c434 100644
--- a/lib/users/auth/verifyCredentails.ts
+++ b/lib/users/auth/verifyCredentails.ts
@@ -315,6 +315,7 @@ export async function verifyExternalCredentials(
 // 타이밍 공격 방지를 위해 가짜 해시 연산
 await bcrypt.compare(password, '$2a$12$fake.hash.to.prevent.timing.attacks');
 await logLoginAttempt(username, null, false, 'INVALID_CREDENTIALS');
+ // 보안상 계정 존재 여부와 비밀번호 오류를 구분하지 않습니다
 return { success: false, error: 'INVALID_CREDENTIALS' };
 }
diff --git a/lib/users/session/helper.ts b/lib/users/session/helper.ts
index 439ab32d..f99ca80a 100644
--- a/lib/users/session/helper.ts
+++ b/lib/users/session/helper.ts
@@ -17,7 +17,7 @@ export const authHelpers = {
 }
 if (!authResult.success || !authResult.user) {
- return { success: false, error: 'Invalid credentials' }
+ return { success: false, error: authResult.error || 'INVALID_CREDENTIALS' }
 }
 // DB에 임시 인증 세션 생성
@@ -45,7 +45,7 @@ export const authHelpers = {
 }
 } catch (error) {
 console.error('First auth error:', error)
- return { success: false, error: 'Authentication failed' }
+ return { success: false, error: 'SYSTEM_ERROR' }
 }
 },
|
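Review bot: The dummy comparison in the context lines of the verifyExternalCredentials hunk probably does not equalize timing, so the comment added below it promises more than the code delivers. The literal `'$2a$12$fake.hash.to.prevent.timing.attacks'` is 43 characters rather than a well-formed 60-character bcrypt hash, and bcrypt implementations generally return false for a malformed hash without running the cost-12 key derivation; the imported library is not visible here, so confirm by measuring both paths. Compare against a real hash created once at module load with the same cost as the stored hashes, for example `const DUMMY_HASH = bcrypt.hashSync(crypto.randomUUID(), 12);` followed by `await bcrypt.compare(password, DUMMY_HASH);`. The function body starts and ends outside the hunk.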
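Review bot: Forwarding `authResult.error` in the first helper.ts hunk (`error: authResult.error || 'INVALID_CREDENTIALS'`) lets every code verifyExternalCredentials can return reach the caller, which can undo the non-distinguishing behaviour this same commit documents. Only the INVALID_CREDENTIALS return is visible; if other paths return account-state codes (locked, disabled, unknown user), they would now be exposed to the client. Pass through an explicit allowlist instead, e.g. `error: CLIENT_SAFE_ERRORS.has(authResult.error) ? authResult.error : 'INVALID_CREDENTIALS'`, where `CLIENT_SAFE_ERRORS` is a placeholder for a set the team defines. The enclosing method starts and ends outside the hunk.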
