Loading...

XML

Word

Printable

Type: New Feature
Resolution: Fixed
Priority: Major
Fix Version/s: 4.4.3
Affects Version/s: None
Component/s: core
Labels:
None

Template:
Acceptance criteria:

Empty

show more show less

There currently is no automatic logout, and since one can use the URL to provide log-in parameters, this could be used to force-guess passwords.

Details (copied from Security Report):

Severity: High
Test Type: Application
Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html (Parameter = mgnlUserPSWD)
Remediation Tasks: Enforce account lockout after several failed login attempts

Acceptance criteria

is causing

MAGNOLIA-3671 User locked under heavy load.

Closed

DOCU-148 Account lockout after failed attempts

Closed

is related to

MAGNOLIA-3742 Implement account lockout feature in Magnolia 4.5

Closed

MAGNOLIA-3827 Account lockout log messages should be localized

Closed

Assignee:: Ondrej Chytil

Reporter:: Daniel Lipp

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 22/Feb/11 9:05 AM

Updated:: 08/Sep/11 4:41 PM

Resolved:: 14/Apr/11 11:34 AM

Date of First Response:: 11/Apr/11 6:42 PM