View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026361 | mantisbt | security | public | 2019-11-15 03:45 | 2021-10-12 14:34 |
Reporter | jcamara | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | new | Resolution | open | ||
Product Version | 2.22.0 | ||||
Summary | 0026361: Avoid multiple login attempts | ||||
Description | Our security department suggests including a feature to avoid multiple login attempts in order to increase the access security level. It could be:
This feature may be activated on first login access failure. | ||||
Tags | No tags attached. | ||||
related to | 0029167 | new | Please enable the captcha in login page |
We already have a feature that will lock the user's account after a predetermined, configurable number of failed attempts. See I'm not sure if that satisfies your requirement. If not, then please be more precise in your specification of how you expect the system to behave.

It could be a solution, but in order to prevent an attack over a known username (like jcamara) that results in a user lock, the suggestion is:
In an extreme case, there may be an external attack using a set of specific usernames that results in an account lock.