
Ruby : Broken authentication and session management

Overview

The application returns messages that report authentication status and session-management events (login success or failure, password reset, session expiry). When those messages reveal more than they need to, they become an information leak that an attacker can turn into user data theft.

For example, the application reports that only the password is incorrect. That response confirms that the supplied login exists, so an attacker can collect valid logins (phone numbers, email addresses, etc.) and use them in further attacks (phishing, brute force, social engineering, etc.). It is safer to return the same generic message whether the login exists or not, such as "Invalid username or password" or "Authorization error. Check that the data entered is correct". The response should also not differ in any other observable way, for instance in the HTTP status code or in a noticeably shorter response time when the account is missing, since those differences leak the same information as a distinct message.
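The following is an added example, not code from the original page or from DerScanner, showing the two behaviours side by side in plain Ruby: a login check that returns a different message for an unknown account than for a wrong password, and a hardened version that returns one generic message and does the same password-hashing work on both paths so that response time does not reveal whether the account exists. The user store, the login names and the password are constructed sample data; the helper names (`login_vulnerable`, `login_hardened`, `secure_compare`) are chosen for this example.

```ruby
require "openssl"
require "securerandom"

# PBKDF2 parameters for the example (kept modest so it runs quickly;
# production code would use a slower setting or a dedicated password hash).
ITERATIONS = 20_000
KEY_LENGTH = 32
GENERIC_MESSAGE = "Invalid username or password".freeze

def derive(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LENGTH,
                             OpenSSL::Digest.new("SHA256"))
end

# Constant-time byte comparison so the digest check itself is not a timing oracle.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Constructed sample user store: login => { salt:, digest: }. Not real accounts.
ALICE_SALT = SecureRandom.random_bytes(16)
USERS = {
  "alice@example.com" => {
    salt: ALICE_SALT,
    digest: derive("correct horse battery staple", ALICE_SALT)
  }
}.freeze

# Dummy credentials used when the login is unknown, so the hardened path
# still performs one PBKDF2 derivation and takes about as long as a real check.
DUMMY_SALT = SecureRandom.random_bytes(16)
DUMMY_DIGEST = derive(SecureRandom.hex(16), DUMMY_SALT)

# Vulnerable: two different failure messages tell the attacker which logins exist,
# and the missing-account path returns before any hashing work, which also
# leaks the same fact through response time.
def login_vulnerable(users, login, password)
  user = users[login]
  return [false, "No account for #{login}"] unless user
  return [false, "Incorrect password"] unless secure_compare(derive(password, user[:salt]), user[:digest])
  [true, "Welcome"]
end

# Hardened: one generic message for every failure, and the same amount of
# work whether or not the login exists.
def login_hardened(users, login, password)
  user = users[login]
  salt = user ? user[:salt] : DUMMY_SALT
  expected = user ? user[:digest] : DUMMY_DIGEST
  # The comparison is always performed; the result only counts if the user exists.
  matched = secure_compare(derive(password, salt), expected)
  matched && user ? [true, "Welcome"] : [false, GENERIC_MESSAGE]
end

if __FILE__ == $PROGRAM_NAME
  puts login_vulnerable(USERS, "nobody@example.com", "guess").inspect
  puts login_vulnerable(USERS, "alice@example.com", "guess").inspect
  puts login_hardened(USERS, "nobody@example.com", "guess").inspect
  puts login_hardened(USERS, "alice@example.com", "guess").inspect
  puts login_hardened(USERS, "alice@example.com", "correct horse battery staple").inspect
end
```

The hardened version fixes both channels the paragraph above warns about: the wording of the message and the timing of the response. In a web application the same rule applies to the status code and to the "forgot password" and registration flows, which often leak account existence even when the login form does not.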

DerScanner Severity Score: LOW


See also

Ruby : Weak hashing algorithm
Ruby : Empty encryption key
Ruby : Hardcoded sensitive data