Open nus-pe-bot opened 1 year ago
This is a different design principle compared to the one we used to implement DrDuke and is hence out of scope.
And according to this logic, previous users' usernames would also be exposed and could be a "very dangerous bug" for any other application in the world when a duplicate username is entered during registration. Unfortunately, this is a compromise that has to be made in all applications around the world to allow applications to differentiate between user accounts.
Duplicate of #2684
As shown in the screenshot, if an existing username was used and the same password for that username was typed, this is the error that would come out. This exposes the previous user's password by telling the registrant what that password is.
In the Developer Guide, the emphasis on secure data in the Non-Functional Requirements is already voided by this example; a more secure method could be to disallow duplicate usernames instead.
This could be a very dangerous bug
[original: nus-cs2113-AY2223S2/pe-interim#272] [original labels: severity.Medium type.FeatureFlaw]
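To illustrate the flaw reported above and the fix the reporter suggests, here is an added example (not DrDuke's code, and the function and user names are hypothetical): a registration check whose error text depends on the password, beside one that rejects a duplicate username before the password is ever consulted and stores only a salted hash.

```python
"""Registration-check example: a duplicate-username message that leaks
whether the supplied password matches the existing account, beside a
version that decides on the username alone. Illustrative code only."""
import hashlib
import hmac
import os

# Constructed in-memory store for the flawed variant (plaintext passwords,
# which is what makes the equality test below possible at all).
_users_plain = {"alice": "hunter2"}          # constructed sample account


def register_leaky(username: str, password: str) -> str:
    """Flawed check: the error depends on the *password*, so someone who
    registers with a taken username learns whether the existing account
    uses the password they typed (a password-confirmation oracle)."""
    if username in _users_plain:
        if _users_plain[username] == password:
            return "Error: this username and password already exist"
        return "Error: username already exists"
    _users_plain[username] = password
    return "Registered"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_users_hashed = {}   # username -> (salt, pbkdf2 hash)


def register_safe(username: str, password: str) -> str:
    """Hardened check: uniqueness is decided on the username alone and the
    message never varies with the password; only a salted hash is stored,
    so comparing against another user's password is not even possible."""
    if username in _users_hashed:
        return "Error: username already exists"
    salt = os.urandom(16)
    _users_hashed[username] = (salt, _hash_password(password, salt))
    return "Registered"


def verify_login(username: str, password: str) -> bool:
    """Login check for the hashed store, using a constant-time comparison."""
    record = _users_hashed.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash_password(password, salt))
```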