Our security team posed this question to me earlier: What prevents someone from brute forcing a Remedy user account password?
In response I said, "Uhhhh.... great question!" When using the builtin NTLM authentication (Cross Ref Blank Password in Server Information -> External Authentication) in Remedy, AD prevents it by locking out accounts after 3 unsuccessful login attempts. As far as I can tell, Remedy does nothing in this regard for application accounts. Has anyone else experienced this issue? Thanks! Michael The information contained in this email may be privileged, confidential or otherwise protected from disclosure. All persons are advised that they may face penalties under state and federal law for sharing this information with unauthorized individuals. If you received this email in error, please reply to the sender that you have received this information in error. Also, please delete this email after replying to the sender. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
