If `Email` field is null or empty, the `UserManager` will not update the database table, and since `AccessFailedCount` is stored in the same table it will not be incremented.
`await UserManager.AccessFailedAsync(user.Id).WithCurrentCulture();` returns an error, but this is not checked, in `SignInManager.PasswordSignInAsync` and `SignInManager.TwoFactorSignInAsync`.
This means that an attacker can guess passwords for such a user indefinitely.
This is when using a `UserValidator` with `RequireUniqueEmail = true`.
A possible workaround is to set `RequireUniqueEmail = false`, but then you will not get any email address validation when the user enters an email address.
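
An added example, not code from the project or from the participants in this issue: one way to fail closed on the password path while keeping `RequireUniqueEmail = true`. The class name `LockoutCheckedSignInManager` is hypothetical, and the sketch assumes that the update behind `AccessFailedAsync` runs `UserManager.UserValidator`, as the comments above indicate.

```csharp
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Hypothetical class: use it in place of SignInManager<TUser, string>.
public class LockoutCheckedSignInManager<TUser> : SignInManager<TUser, string>
    where TUser : class, IUser<string>
{
    public LockoutCheckedSignInManager(UserManager<TUser, string> userManager,
                                       IAuthenticationManager authenticationManager)
        : base(userManager, authenticationManager)
    {
    }

    public override async Task<SignInStatus> PasswordSignInAsync(
        string userName, string password, bool isPersistent, bool shouldLockout)
    {
        if (shouldLockout && UserManager.SupportsUserLockout)
        {
            var user = await UserManager.FindByNameAsync(userName);
            if (user != null && !await CanRecordFailureAsync(user))
            {
                // Fail closed: a failed attempt could not be counted for this
                // account, so do not evaluate the password at all. Same status
                // as a wrong password, so the response reveals nothing extra.
                return SignInStatus.Failure;
            }
        }
        return await base.PasswordSignInAsync(userName, password, isPersistent, shouldLockout);
    }

    // Assumption: the update that persists AccessFailedCount is rejected when
    // this validator rejects the user (e.g. empty Email with RequireUniqueEmail).
    private async Task<bool> CanRecordFailureAsync(TUser user)
    {
        IdentityResult validation = await UserManager.UserValidator.ValidateAsync(user);
        if (validation.Succeeded)
        {
            return true;
        }
        Trace.TraceWarning("Lockout cannot be enforced for user id {0}: {1}",
                           user.Id, string.Join("; ", validation.Errors));
        return false;
    }
}
```

Accounts that fail validation cannot sign in with a password until their record is corrected, so the trace warnings double as a list of affected users. `TwoFactorSignInAsync` needs the same guard.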