mirror of
https://github.com/caddyserver/caddy.git
synced 2025-11-03 16:36:26 +08:00
937ec34201
Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this!