Feature #4238
Protection from Brute Force Password Attacks
Description
The login screen should protect the users from a brute force password attack. This can be handled by approaches such as:
1) Locking an account out after X many failed attempts.
2) Supporting an escalated delay between logins (first failed login delay 5 seconds, second 10, third 20, etc)
Related issues
Associated revisions
History
#1
Updated by Dominic Cleal about 9 years ago
- Subject changed from [RFE] Protection from Brute Force Password Attacks to Protection from Brute Force Password Attacks
#2
Updated by The Foreman Bot about 6 years ago
- Status changed from New to Ready For Testing
- Assignee set to Tomer Brisker
- Pull request https://github.com/theforeman/foreman/pull/4132 added
#3
Updated by Marek Hulán about 6 years ago
- Bugzilla link set to 1060745
#4
Updated by Dominic Cleal about 6 years ago
- Status changed from Ready For Testing to New
- Assignee deleted (Tomer Brisker)
PR closed.
#5
Updated by The Foreman Bot over 5 years ago
- Assignee set to Tomer Brisker
- Status changed from New to Ready For Testing
#6
Updated by Lukas Zapletal over 5 years ago
- Legacy Backlogs Release (now unused) set to 296
I just merged a sane implementation: 5 minutes window for 30 logins, not configurable, uses Rails cache to store the data.
#7
Updated by Anonymous over 5 years ago
- % Done changed from 0 to 100
- Status changed from Ready For Testing to Closed
Applied in changeset 1ece1d3233a36cc4106664e87f0a9441dd1f4c05.
#8
Updated by Marek Hulán about 5 years ago
- Related to Refactor #22778: Allow admin to opt-out from the Brute-force attack protection added
Fixes #4238 - Prevent login brute forcing
After 30 failed attempts from the same ip, login will be blocked for 5
minutes from that ip.
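
The behaviour described in the commit message and in comment #6 (30 failed attempts per IP, a 5-minute block, counters kept in a cache) can be sketched as follows. This is an added example, not Foreman's code: `TtlStore`, `LoginThrottle`, the cache key name and the TTL-refresh behaviour are assumptions made for illustration.

```ruby
# Added example, not Foreman's code: per-IP failed-login throttle.
# TtlStore is a hypothetical stand-in for a cache with expiring keys.
class TtlStore
  def initialize(clock)
    @clock = clock # callable returning the current time in seconds
    @data = {}
  end

  def read(key)
    value, expires_at = @data[key]
    return nil if value.nil?
    return value if @clock.call < expires_at
    @data.delete(key) # expired entry
    nil
  end

  def write(key, value, expires_in)
    @data[key] = [value, @clock.call + expires_in]
    value
  end
end

class LoginThrottle
  MAX_FAILURES = 30      # threshold from the commit message
  BLOCK_SECONDS = 5 * 60 # block duration from the commit message

  def initialize(store)
    @store = store
  end

  def failures(ip)
    @store.read("failed_login_#{ip}") || 0 # hypothetical key name
  end

  def blocked?(ip)
    failures(ip) >= MAX_FAILURES
  end

  # Assumption: each failure rewrites the counter with a fresh TTL, so the
  # block ends 5 minutes after the last counted failure from that IP.
  def record_failure(ip)
    @store.write("failed_login_#{ip}", failures(ip) + 1, BLOCK_SECONDS)
  end
end
```

Because the counter is keyed on the client IP, all users behind one shared address (NAT or a reverse proxy that hides the client IP) share a single counter.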