Upon an attempted log-in to the InPhO site, I have noticed that a bad password is accepted (at least by chrome) but does not log in. The problem is that the password is not rejected. Granted, the user does not become logged in, but they are not informed that they are not logged in either.
Upon an attempted log-in to the InPhO site, I have noticed that a bad password is accepted (at least by chrome) but does not log in. The problem is that the password is not rejected. Granted, the user does not become logged in, but they are not informed that they are not logged in either.