Details
Description
There currently is no automatic logout, and since one can use the URL to provide log-in parameters, this could be used to force-guess passwords.
Details (copied from Security Report):
Severity: High
Test Type: Application
Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html (Parameter = mgnlUserPSWD)
Remediation Tasks: Enforce account lockout after several failed login attempts
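One way to implement the lockout named in the remediation task, as an added example that is not Magnolia's code or part of the security report. The threshold, window and lock duration, and all class and function names, are assumed for illustration; the counter is keyed by account, so it applies however the credentials reach the server (form or URL parameter).

```python
from dataclasses import dataclass, field

MAX_FAILURES = 5        # assumed policy values, not taken from the report
WINDOW_SECONDS = 900    # failures older than this no longer count
LOCK_SECONDS = 900      # how long an account stays locked


@dataclass
class _State:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0


class LockoutTracker:
    """Per-account failed-login counter with a temporary lock (hypothetical helper)."""

    def __init__(self):
        self._accounts = {}

    def is_locked(self, user, now):
        st = self._accounts.get(user)
        return st is not None and now < st.locked_until

    def record(self, user, success, now):
        """Record one credential check; return True if the login may proceed."""
        st = self._accounts.setdefault(user, _State())
        if now < st.locked_until:
            return False            # reject even a correct password while locked
        if success:
            st.failures.clear()     # a good login resets the counter
            return True
        # keep only failures inside the sliding window, then add this one
        st.failures = [t for t in st.failures if now - t < WINDOW_SECONDS]
        st.failures.append(now)
        if len(st.failures) >= MAX_FAILURES:
            st.locked_until = now + LOCK_SECONDS
            st.failures.clear()
        return False


def simulate(events):
    """events: constructed (user, password_ok, timestamp) tuples -> allow/deny list."""
    tracker = LockoutTracker()
    return [tracker.record(user, ok, ts) for user, ok, ts in events]
```

Because state is created for every user name seen, a production version would also bound or expire entries for unknown accounts.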
Issue Links
- is causing
  - MAGNOLIA-3671 User locked under heavy load. (Closed)
  - DOCU-148 Account lockout after failed attempts (Closed)
- is related to
  - MAGNOLIA-3742 Implement account lockout feature in Magnolia 4.5 (Closed)
  - MAGNOLIA-3827 Account lockout log messages should be localized (Closed)