Joe,
Thanks for this. This looks good, but I am missing:
- User account credentials incorrect
- User account credentials change required
And also (using "Inner method" to disambiguate inner method CB from TEAP's
own CB):
- Inner method's channel binding data required but not supplied
- Inner m
On Sep 9, 2013, at 1:44 AM, Josh Howlett
wrote:
> Joe,
>
> Thanks for this. This looks good, but I am missing:
>
> - User account credentials incorrect
> - User account credentials change required
[Joe] I am concerned that these error messages reveal too much information to
an attacker.
>
>>
>>- User account credentials incorrect
>> - User account credentials change required
>
>[Joe] I am concerned that these error messages reveal too much
>information to an attacker.
I agree there are risks if used inappropriately, but nonetheless there are
reasonable uses for these (for example,
