diff --git a/src/main/java/com/cjy/back/login/service/LoginServiceImpl.java b/src/main/java/com/cjy/back/login/service/LoginServiceImpl.java
index 62106a0..364544c 100644
--- a/src/main/java/com/cjy/back/login/service/LoginServiceImpl.java
+++ b/src/main/java/com/cjy/back/login/service/LoginServiceImpl.java
@@ -92,7 +92,8 @@ public class LoginServiceImpl implements LoginService {
 //查询该用户是否正确
 SysUser user = sysUserMapper.selectIsUser(map);
 if (user == null || "".equals(user)) {
- if (!loginname.equals("admin")) {
+ //原本只有非超管账号会锁定。但是有渗透漏洞报不同的提示会有用户名猜解漏洞,故将此处注释
+// if (!loginname.equals("admin")) {
 String value = RedisUtil.getValue(loginname + "_errorNum");
 int num = 1;
 if (StringUtils.isNotBlank(value)) {
@@ -113,11 +114,11 @@ public class LoginServiceImpl implements LoginService {
 return ServerResponse.createByErrorMessage("帐户已锁定,请稍后再试");
 }
 httpSession.removeAttribute("validateCode");
- return ServerResponse.createByErrorMessage("密码错误,还可尝试" + (loginErrorNum - num) + "次,失败后将锁定10分钟");
- } else {
+ return ServerResponse.createByErrorMessage("用户名或密码不正确!,还可尝试" + (loginErrorNum - num) + "次,失败后将锁定10分钟");
+ /*} else {
 httpSession.removeAttribute("validateCode");
 return ServerResponse.createByErrorMessage("用户名或密码不正确!");
- }
+ }*/
 }
 if (user.getLogstate().equals("0")) {
 httpSession.removeAttribute("validateCode");
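Review bot: With the `admin` exemption commented out in the first hunk, the failure counter keyed on `loginname + "_errorNum"` now covers the super-admin account too, so repeated bad passwords from any client can keep that account locked. That closes the unlimited-guess path on `admin`, but a per-account lock alone trades it for an administrator lockout; consider also counting failures per client address, or keeping a recovery path for the admin. The `"".equals(user)` test in the context line compares a String with a `SysUser` and is always false, so `user == null` is the only effective check. I would delete the old condition rather than keep it as `// if (!loginname.equals("admin")) {`, leaving only the explanatory comment. The enclosing method starts and ends outside the hunk.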
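Review bot: The new failure message in the second hunk carries a stray `!,` and hard-codes `10分钟`, which will drift if the lock duration configured outside this hunk ever changes; `"用户名或密码不正确,还可尝试" + (loginErrorNum - num) + "次,失败后将锁定10分钟"` reads cleaner, ideally with the duration taken from the same setting as the lock. The `/*} else { … }*/` block is dead code and should be deleted rather than commented out, with the remaining body re-indented. For the enumeration fix to hold, the `帐户已锁定` and remaining-attempts responses must be identical for login names that do not exist. That appears to be the case if `selectIsUser` returns null for unknown names, but the query is not visible in this diff.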