Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why does GetErrorMessage return "wrong password", when the user name is wrong?

Tags:

c++

windows

winapi

wininet

GetErrorMessage (from CInternetException) gives me the following:

With the incorrect ftp server name:
"ERROR! The server name or address could not be resolved"

With the incorrect password:
ERROR! The password was not allowed

With the incorrect user name:
ERROR! The password was not allowed <-----? NO separate message for incorrect username? Is this intended?

try
{
   pConnect = sess->GetFtpConnection(host, userName, password, port, FALSE );
}

catch (CInternetException* pEx) //incorrect user name displays incorrect password?
{
      TCHAR sz[1024];
      pEx->GetErrorMessage(sz, 1024);
      printf("ERROR!  %s\n", sz);
      pEx->Delete();
}
like image 610
T.T.T. Avatar asked Dec 13 '22 00:12

T.T.T.

1 Answers

Yes that is intended. A typical FTP server will not distinguish between an invalid password and an invalid username. This is for security reasons, so e.g. attackers can't brute force their way to discover valid usernames.

like image 153
nos Avatar answered Dec 15 '22 12:12

nos
Sign in to Comment

Related questions

Floating Point Math Execution Time
When are C++ destructors explicitly called?
How can I generate random samples from bivariate normal and student T distibutions in C++?
How to handle all errors, including internal C library errors, uniformly

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!