[MAGNOLIA-3557] Implement automatic account lockout after a number of failed log-ins - Magnolia - Issue tracker

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.4.3
Component/s: core
Labels:
None

Description

There currently is no automatic logout, and since one can use the URL to provide log-in parameters, this could be used to force-guess passwords.

Details (copied from Security Report):

Severity: High
Test Type: Application
Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html (Parameter = mgnlUserPSWD)
Remediation Tasks: Enforce account lockout after several failed login attempts

Attachments

Issue Links

is causing

MAGNOLIA-3671 User locked under heavy load.

Closed

DOCU-148 Account lockout after failed attempts

Closed

is related to

MAGNOLIA-3742 Implement account lockout feature in Magnolia 4.5

Closed

MAGNOLIA-3827 Account lockout log messages should be localized

Closed

Activity

People

Assignee:: Ondrej Chytil

Reporter:: Daniel Lipp

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 22/Feb/11 9:05 AM

Updated:: 08/Sep/11 4:41 PM

Resolved:: 14/Apr/11 11:34 AM

Date of First Response:: 11/Apr/11 6:42 PM