  1. Magnolia
  2. MAGNOLIA-3557

Implement automatic account lockout after a number of failed log-ins

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.4.3
    • Component/s: core
    • Labels:
      None

      Description

      There currently is no automatic logout, and since one can use the URL to provide log-in parameters, this could be used to force-guess passwords.

      Details (copied from Security Report):

      Severity: High
      Test Type: Application
      Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html (Parameter = mgnlUserPSWD)
      Remediation Tasks: Enforce account lockout after several failed login attempts

              People

              Assignee:
              ochytil Ondrej Chytil
              Reporter:
              dlipp Daniel Lipp