When the signIn fails due to a wrong username or wrong password, the response error actually says either 'wrong username' or 'wrong password'.
This is a security vulnerability. Firstly, it tells the attacker that they've got the username right. And secondly, it allows the attacker to check your system against existing email databases and know who's actually registered in the system.
The failure message should just say 'wrong username or password'. Don't even mention 'email'.
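The reported behaviour next to the requested fix, as an added sketch that is not code from the project: the in-memory `users` store, the scrypt hashing and all function names are assumptions made for illustration. It goes one step beyond the report by always hashing against a dummy record, so an unknown account is not distinguishable by response time either.

```javascript
const crypto = require('node:crypto');

// Constructed in-memory user store (assumption); a real system would query its database.
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}
function makeUser(email, password) {
  const salt = crypto.randomBytes(16);
  return { email, salt, hash: hashPassword(password, salt) };
}
const users = new Map([
  ['alice@example.com', makeUser('alice@example.com', 'correct horse')],
]);

// Behaviour described in the report: the error reveals which field was wrong,
// so a caller learns whether the account exists.
function signInLeaky(email, password) {
  const user = users.get(email);
  if (!user) return { ok: false, error: 'wrong username' };
  const match = crypto.timingSafeEqual(hashPassword(password, user.salt), user.hash);
  return match ? { ok: true } : { ok: false, error: 'wrong password' };
}

// Dummy record so unknown accounts cost the same hashing work as known ones.
const DUMMY = makeUser('', crypto.randomBytes(16).toString('hex'));
const GENERIC_ERROR = 'wrong username or password';

// Hardened form: one message for every failure, and the hash is always computed.
function signInUniform(email, password) {
  const user = users.get(email);
  const record = user || DUMMY;
  const match = crypto.timingSafeEqual(hashPassword(password, record.salt), record.hash);
  return user && match ? { ok: true } : { ok: false, error: GENERIC_ERROR };
}
```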