Reject control chars in base64-decoded auth credentials (name/password)
Also, if getuserdat() fails, don't count that as a failed login attempt. Also, track username and password of failed-login attempts of deleted or inactive user accounts.
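One way to apply the check named in the commit title, as an added example that is not the project's own code. It assumes the credentials arrive as a base64-encoded, UTF-8 `name:password` string (the HTTP Basic layout); `decode_credentials`, `has_control_char`, `is_acceptable` and the sample values are hypothetical and constructed for illustration.

```python
import base64
import binascii


class CredentialError(ValueError):
    """Decoded credentials are malformed or contain control characters."""


def has_control_char(s):
    # C0 controls (0x00-0x1F, includes NUL, CR, LF, ESC), DEL (0x7F), C1 (0x80-0x9F)
    return any(ord(c) < 0x20 or 0x7F <= ord(c) <= 0x9F for c in s)


def decode_credentials(b64):
    """Return (name, password) from a base64 'name:password' blob or raise."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(b64, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError) as exc:  # UnicodeDecodeError is a ValueError
        raise CredentialError("undecodable credentials") from exc
    # Split on the first ':' only, so the password may itself contain ':'
    name, sep, password = text.partition(":")
    if not sep or not name:
        raise CredentialError("expected name:password")
    # Check after decoding: the encoded form hides CR/LF/NUL from any
    # filtering applied to the raw header or command line.
    if has_control_char(name) or has_control_char(password):
        raise CredentialError("control character in credentials")
    return name, password


def is_acceptable(b64):
    try:
        decode_credentials(b64)
        return True
    except CredentialError:
        return False


# Constructed sample inputs (not taken from any real request or log).
GOOD = base64.b64encode(b"alice:s3cret:with:colons").decode()
CRLF = base64.b64encode(b"alice\r\nforged-line:pw").decode()
NUL = base64.b64encode(b"alice:pw\x00tail").decode()
```

Rejecting before the values reach a user lookup or a failed-login record keeps embedded CR/LF, NUL or escape sequences out of anything that later stores or displays the attempted name and password.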