Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-3557

Implement automatic account lockout after a number of failed log-ins

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 4.4.3
    • core
    • None

    Description

      There currently is no automatic logout, and since one can use the URL to provide log-in parameters, this could be used to force-guess passwords.

      Details (copied from Security Report):

      Severity: High
      Test Type: Application
      Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html (Parameter = mgnlUserPSWD)
      Remediation Tasks: Enforce account lockout after several failed login attempts

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                ochytil Ondrej Chytil
                dlipp Daniel Lipp
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Jenkins Builds

                    No builds found.