X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAPI2%2FAccessControl.pm;h=5f859197446655436e58501ca282683ddc8c2534;hp=1679ed45eb4c0d6ff81682eb967fbce3c5521cfd;hb=e4f8fc2e7e5f31691629a5361000636f8a2b2398;hpb=437be042c2497a1956b359bb9e2797f838a37340
diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 1679ed4..5f85919 100644
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -264,7 +264,6 @@ __PACKAGE__->register_method ({
 my $rpcenv = PVE::RPCEnvironment::get();
 my $res;
-
 eval {
 # test if user exists and is enabled
 $rpcenv->check_user_enabled($username);
@@ -279,7 +278,8 @@ __PACKAGE__->register_method ({
 if (my $err = $@) {
 my $clientip = $rpcenv->get_client_ip() || '';
 syslog('err', "authentication failure; rhost=$clientip user=$username msg=$err");
- die $err;
+ # do not return any info to prevent user enumeration attacks
+ die PVE::Exception->new("authentication failure\n", code => 401);
 }
 $res->{cap} = &$compute_api_permission($rpcenv, $username);
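Review bot: User enumeration may still be possible by timing after the new `die PVE::Exception->new("authentication failure\n", code => 401);` in the second hunk, because the eval body shown in the first hunk calls `$rpcenv->check_user_enabled($username)` before the credential check (which lies outside these hunks), so an unknown or disabled account presumably fails sooner than a wrong password. The added comment should state that limit rather than imply full coverage, for example `# uniform message only; the failure paths in the eval above may still differ in timing`. Every exception raised inside the eval, not only bad credentials, is now reported to the client as 401, which leaves the `syslog('err', ...)` line as the sole record of the real cause. That line interpolates the client-supplied `$username` and `$err` unescaped, so it is worth confirming that the parameter schema (not visible here) rejects newlines and control characters before any tooling parses these entries. The enclosing `code => sub` body starts and ends outside both hunks.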