rhino/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-26 03:39:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Updated Hardening Guide (WIP) (markdown)

Nick Fox
2019-03-19 16:02:55 +00:00
parent c76d625eb1
commit d9270d301d
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Hardening-Guide-(WIP).md

@@ -7,6 +7,8 @@ bitwarden_rs also allows registered users to invite other new users to create ac
## Enable HTTPS ## Enable HTTPS
### TLS hardening
## Disable password hint display ## Disable password hint display
bitwarden_rs displays password hints on the login page to accommodate small/local deployments that do not have SMTP configured, which could be abused by an attacker to facilitate password-guessing attacks against users on the server. This can be disabled in the admin panel by unchecking the `Show password hints` option or by starting the server with the `SHOW_PASSWORD_HINT=false` environment variable. bitwarden_rs displays password hints on the login page to accommodate small/local deployments that do not have SMTP configured, which could be abused by an attacker to facilitate password-guessing attacks against users on the server. This can be disabled in the admin panel by unchecking the `Show password hints` option or by starting the server with the `SHOW_PASSWORD_HINT=false` environment variable.