From 77e4ee76bbbe5bc0fe08b6697e5fc180369aa4f0 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Wed, 16 Mar 2016 15:19:55 -0400
Subject: [PATCH] Normalize userpass errors around bad user/pass

---
 builtin/credential/userpass/path_login.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/builtin/credential/userpass/path_login.go b/builtin/credential/userpass/path_login.go
index 458d35e8b..a3008210e 100644
--- a/builtin/credential/userpass/path_login.go
+++ b/builtin/credential/userpass/path_login.go
@@ -49,7 +49,7 @@ func (b *backend) pathLogin(
 		return nil, err
 	}
 	if user == nil {
-		return logical.ErrorResponse("username does not exist"), nil
+		return logical.ErrorResponse("invalid username or password"), nil
 	}
 
 	// Check for a password match. Check for a hash collision for Vault 0.2+,
@@ -57,11 +57,11 @@ func (b *backend) pathLogin(
 	passwordBytes := []byte(password)
 	if user.PasswordHash != nil {
 		if err := bcrypt.CompareHashAndPassword(user.PasswordHash, passwordBytes); err != nil {
-			return logical.ErrorResponse("unknown username or password"), nil
+			return logical.ErrorResponse("invalid username or password"), nil
 		}
 	} else {
 		if subtle.ConstantTimeCompare([]byte(user.Password), passwordBytes) != 1 {
-			return logical.ErrorResponse("unknown username or password"), nil
+			return logical.ErrorResponse("invalid username or password"), nil
 		}
 	}