mirror of
https://github.com/caddyserver/caddy.git
synced 2025-03-06 02:01:41 +08:00
937ec34201
Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this!