- New Feature
- Resolution: Fixed
- Major
- None
- None
There currently is no automatic logout, and since one can use the URL to provide log-in parameters, this could be used to force-guess passwords.
Details (copied from Security Report):
Severity: High
Test Type: Application
Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html (Parameter = mgnlUserPSWD)
Remediation Tasks: Enforce account lockout after several failed login attempts
is causing:
- MAGNOLIA-3671 User locked under heavy load. (Closed)
- DOCU-148 Account lockout after failed attempts (Closed)

is related to:
- MAGNOLIA-3742 Implement account lockout feature in Magnolia 4.5 (Closed)
- MAGNOLIA-3827 Account lockout log messages should be localized (Closed)
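
The remediation task in the report above (lock the account after several failed login attempts), as an added Python example that is not Magnolia's implementation; the names `LockoutPolicy` and `simulate_guessing`, the threshold and the lock duration are assumptions, since the report only says "several".

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class LockoutPolicy:
    """Per-account failed-login counter with a temporary lock (hypothetical)."""
    max_failures: int = 5            # assumed threshold
    lock_seconds: float = 900.0      # assumed lock duration
    clock: Callable[[], float] = time.monotonic
    failures: Dict[str, int] = field(default_factory=dict, init=False)
    locked_until: Dict[str, float] = field(default_factory=dict, init=False)

    def is_locked(self, user: str) -> bool:
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: clear state so the account starts fresh.
            del self.locked_until[user]
            self.failures.pop(user, None)
            return False
        return True

    def attempt(self, user: str, password_ok: bool) -> str:
        """Record one login attempt; returns 'locked', 'ok' or 'denied'."""
        # Check the lock before the password result, so a locked account
        # gives no signal even when the submitted password is correct.
        if self.is_locked(user):
            return "locked"
        if password_ok:
            self.failures.pop(user, None)   # success resets the counter
            return "ok"
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= self.max_failures:
            self.locked_until[user] = self.clock() + self.lock_seconds
        return "denied"


def simulate_guessing(policy: LockoutPolicy, user: str,
                      guesses: List[str], real_password: str) -> List[str]:
    """Feed a constructed sequence of password guesses through the policy."""
    return [policy.attempt(user, g == real_password) for g in guesses]
```

The counter is keyed by account rather than by session or client address, so repeated requests that carry credentials in URL parameters are counted the same way as form logins.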