MimicServiceInterface

Table of Contents

Methods

mimicAuthUser()  : bool
Mimics user authentication for authentication requests that are known to be invalid. This method can be used to mitigate timing discrepancies in invalid authentication attempts, which could otherwise be used for user enumeration.

Methods

mimicAuthUser()

Mimics user authentication for authentication requests that are known to be invalid. This method can be used to mitigate timing discrepancies in invalid authentication attempts, which could otherwise be used for user enumeration.

public mimicAuthUser() : bool

Authentication services can implement this method to simulate(!) the work that would be performed during valid requests, e.g. password hashing (timing) or calls to remote services (network latency).

Tags
link

CWE-208: Observable Timing Discrepancy

Return values
bool

whether other services shall continue
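
An added example, not part of this API documentation or the project's own code, of how a password-based authentication service might implement the method so that unknown users cost the same hashing time as known ones. The interface is redeclared locally with the signature shown above so the example runs on its own; the class name, `authenticate()`, the sample user and the choice to return `true` are assumptions.

```php
<?php
declare(strict_types=1);

// Local stand-in with the signature documented on this page.
interface MimicServiceInterface
{
    public function mimicAuthUser(): bool;
}

// Hypothetical authentication service; all names below are assumptions.
final class ExamplePasswordAuthService implements MimicServiceInterface
{
    /** @var array<string, string> username => password hash (constructed sample data) */
    private array $users;
    private string $dummyHash;

    public function __construct()
    {
        $this->users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
        // Hash of a random value nobody knows, same algorithm and cost as real accounts.
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    public function mimicAuthUser(): bool
    {
        // Spend the time a real verification would take; the result is discarded.
        password_verify('mimic', $this->dummyHash);
        return true; // assumption: other services shall continue
    }

    public function authenticate(string $username, string $password): bool
    {
        if (!isset($this->users[$username])) {
            // Unknown user: without this call the request would return before any hashing.
            $this->mimicAuthUser();
            return false;
        }
        return password_verify($password, $this->users[$username]);
    }
}

$service = new ExamplePasswordAuthService();
var_dump($service->authenticate('alice', 'correct horse')); // known user, right password
var_dump($service->authenticate('alice', 'wrong'));         // known user, wrong password
var_dump($service->authenticate('mallory', 'wrong'));       // unknown user, mimic path
```

The dummy hash must be produced with the same algorithm and cost settings as real account hashes, otherwise the mimic path itself becomes a measurable timing difference.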


        