[-] Subscript5676@piefed.ca 3 points 1 week ago* (last edited 1 week ago)

In case it's not clear from other comments, if the site tells you either one's wrong but not both, you can then brute force and try out a bunch of usernames and passwords to effectively farm for both: those that say "wrong username" means that the password is valid, while those that say "wrong password" means you got the username that's in the system.

Once you've collected them, the rest is just trying out every password for every user.

So... while this seems weird for a person, it is very much intentional.

Edit after several comments: I don't know why it's hard for people to look at the OP, take it for what it is, and argue for the sake of the argument, rather than claiming that something's impossible because of common or correct technical practices.

[-] InputZero@lemmy.world 3 points 1 week ago

Yeah a wrong username means both are wrong. That's not how it works, that's not how any of this works.

[-] Malgas@beehaw.org 3 points 1 week ago

those that say “wrong username” means that the password is valid

How could it mean that? The only reason you'd ever say "wrong username" is if the account doesn't exist (otherwise it's indistinguishable from "wrong password") and in that case there's no reason to even look at the password.

[-] TevTra@lemmy.tevtra.com 2 points 1 week ago

Wrong username and password combination. Or just wrong credentials.
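
The single-message approach discussed in the comments above, as an added example that is not part of the thread or any commenter's code: a login check that returns distinct messages next to one that returns the same message and does the same hashing work whether or not the account exists. The account store, user name, password and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Wrong credentials."   # one message for every failure
_ITERATIONS = 100_000                   # constructed work factor for the demo


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample account store (hypothetical name and password).
USERS = {"alice": make_user("correct horse battery staple")}

# Dummy record so an unknown username costs the same hashing work as a
# known one; otherwise response time leaks what the message hides.
_DUMMY = make_user(os.urandom(16).hex())


def leaky_login(username: str, password: str) -> str:
    """Distinct messages: the reply reveals whether the account exists."""
    user = USERS.get(username)
    if user is None:
        return "Wrong username."
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return "Wrong password."
    return "OK"


def uniform_login(username: str, password: str) -> str:
    """Same message and same amount of work for every failure."""
    user = USERS.get(username)
    record = user if user is not None else _DUMMY
    candidate = _hash(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    if user is not None and matches:
        return "OK"
    return GENERIC_ERROR
```

The same uniformity has to hold on registration and password-reset forms, which can otherwise confirm that an account exists.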

this post was submitted on 10 Apr 2026
474 points (90.9% liked)

Programmer Humor
