
Destroy All Login Data on Login Fails

dave shared this idea 2 years ago
Open Discussion

As a System Administrator, I would like for the functionality to be added where login input data is destroyed on Login Failure because clearing the login and password fields after a failed attempt helps prevent security risks where someone could log in without entering a password.


Issue - When a login attempt fails due to an incorrect username, the password data value is still valid on login re-attempts. Once the username is corrected, one can just log in without having to re-enter the password, which fundamentally works against security.

Solution - Simply destroy all login input data on Login Fails. Nothing should be saved or kept in cache regarding login "before" being logged in. So if a login fail happens, there should not be any username or password data remaining in the login field values; they should be cleared.
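
The behaviour requested above, sketched as an added example that is not part of the original post and is not cPanel code: a server-side login handler that answers every failed attempt with a fresh, empty form and a `Cache-Control: no-store` header, so neither the username nor the password survives into the next attempt. The account, salt, field names and the `/login` and `/` routes are constructed for illustration.

```javascript
const crypto = require("crypto");

// Constructed sample data: one account, hashed with scrypt and a fixed demo salt.
const SALT = Buffer.from("constructed-demo-salt");
const hash = (password) => crypto.scryptSync(password, SALT, 32);
const ACCOUNTS = new Map([["dave", hash("correct horse")]]);

function credentialsValid(username, password) {
  const stored = ACCOUNTS.get(username);
  // Hash the candidate even for unknown users so both failure paths do the same work.
  const candidate = hash(password);
  return stored !== undefined && crypto.timingSafeEqual(stored, candidate);
}

function renderLoginForm(message) {
  // No value="" attributes: nothing the user submitted is reflected into the page.
  return [
    message ? `<p class="error">${message}</p>` : "",
    '<form method="post" action="/login">',
    '  <input type="text" name="user" autocomplete="username">',
    '  <input type="password" name="pass" autocomplete="current-password">',
    '  <button type="submit">Log in</button>',
    "</form>",
  ].join("\n");
}

// fields: the parsed POST body, e.g. { user: "...", pass: "..." }.
function handleLogin(fields) {
  const headers = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "no-store", // keep the login response out of browser and proxy caches
  };
  const user = String(fields.user ?? "");
  const pass = String(fields.pass ?? "");
  if (credentialsValid(user, pass)) {
    return { status: 303, headers: { ...headers, Location: "/" }, body: "" };
  }
  // Failure: the message is fixed text and the form is rebuilt empty.
  const message = "Login failed. Enter your username and password again.";
  return { status: 401, headers, body: renderLoginForm(message) };
}
```

A login page that submits in the background without reloading would need the equivalent step in the browser: reset both inputs when the failure response arrives.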
