Failed Login (invalid email/username) throws Hostname/IP does not match certificate's altnames error

A user of ours tried to log in with an email that does not exist in our auth0 database and received the error:

"Hostname/IP does not match certificate's altnames: Host: plattform.ava.services. is not in the cert's altnames: DNS:*.xnxx.com, DNS:xnxx.com"

The type I see in the details of the logs (see screenshot) makes me think this should be a case of “Wrong username/password”. If I enter an email address that does exist in our auth0 dashboard (like my own) and try it with a wrong password then I get that error message. But an email that we do not have saved always throws the error above. This seems nonsensical to me since the point of generic error messages should be to not give away information as to which emails are already registered with us and which aren’t.

image1898×376 22.8 KB

We use the universal login if that matters (I know in classic login you can customise error messages which won’t be possible for us as far as I know)

Hi @anna.fasching,

Let me look into this and get back to you as soon as I have an update.

Kind regards,
Rueben

Hi @anna.fasching,

Whenever a user fails to log in via a custom database connection because of an invalid email or username, it throws the “Failed Login (invalid email/username)” error.

Since the user does not exist in your legacy database, it failed to connect to the server and returned the error description as the reason for the failed login.

If you prefer to set a different error message, you could do so in your Login script. Please refer to the Custom Database Login Script Templates documentation.

Thanks,
Rueben