BUG #4190

open

BUG #4242: [SQA] : Agency Authentication

BUG #4244: [SQA] : Functional>> Agency Authentication

[SQA] Specified sign-in error messages reveal credential validity instead of using generic message

Added by Tasfia Zaima 2 months ago. Updated 28 days ago.

Status: Complete
Priority: High
Assignee:
Target version:
Start date: 02/03/2026
Due date:
% Done: 100%
Estimated time:
Spent time:

Description

Issue Description
On the Admin Profile Sign In page in the staging environment, the system displays different error messages based on whether the email or password is incorrect:

  • Incorrect email → “User not found”
  • Incorrect password → “The password provided is incorrect”

This behavior reveals which credential is invalid.
However, according to the Lovable design, a single generic error message should be shown to avoid information disclosure and maintain better security practices.

Module / Page
Admin Profile → Sign In

Module Section
Authentication / Error Messaging

Screen Size
Desktop

Tested By
Tasfia Zaima


Steps to Reproduce

  1. Navigate to the Admin Profile Sign In page in the staging environment.
  2. Enter an incorrect email with any password and click Sign In.
  3. Observe the alert message.
  4. Enter a registered email with an incorrect password and click Sign In.
  5. Compare both messages with the Lovable design.

Expected Result
A single generic error message should be displayed regardless of whether the email or password is incorrect:
“Username or password is incorrect.”
This prevents exposing which credential is invalid and improves security.

Actual Result
Different error messages are shown depending on the incorrect input, revealing whether the email or password is wrong.

Attachments
PoC

Types of Issue

Functional Issue


Root Cause:

Impacted Area:
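
The two behaviours compared in this ticket, as an added example that is not the project's own code: a sign-in handler that returns the reported field-specific messages, next to one that returns the single generic message from Expected Result, plus a check that mirrors steps 2 and 4. The in-memory store, the PBKDF2 hashing, the sample account and all function names are assumptions; the dummy-record check for unknown emails goes beyond the ticket and keeps both failure paths doing the same hashing work.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Username or password is incorrect."  # wording from the ticket


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is an assumption; the ticket does not name the hashing scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample account store (not data from the ticket).
USERS = {"admin@example.test": _record("S3cure-sample-pass")}
# Throwaway record checked for unknown emails so both failures cost one hash.
_DUMMY = _record(os.urandom(16).hex())


def sign_in_reported(email: str, password: str):
    """Behaviour described under Actual Result: the message names the bad field."""
    user = USERS.get(email)
    if user is None:
        return False, "User not found"
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return False, "The password provided is incorrect"
    return True, None


def sign_in_generic(email: str, password: str):
    """Behaviour described under Expected Result: one message for every failure."""
    user = USERS.get(email)
    record = user if user is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if user is None or not matches:
        return False, GENERIC_ERROR
    return True, None


def failure_messages(handler) -> set:
    """Steps 2 and 4 of the ticket as a regression check: collect both messages."""
    unknown_email = handler("nobody@example.test", "anything")
    wrong_password = handler("admin@example.test", "not-the-password")
    return {unknown_email[1], wrong_password[1]}
```

A handler passes the check when `failure_messages` returns a set with exactly one element.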
