[
https://issues.apache.org/jira/browse/CONNECTORS-1596?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16803005#comment-16803005
]
Karl Wright commented on CONNECTORS-1596:
-----------------------------------------
The ManifoldCF UI is not expected to be used in an open web environment, but in
a back-office environment. Security protections designed to prevent remote
hackers from getting into the UI using sophisticated tools are therefore not
expected.
Similarly, there will be no attempt to implement dual-factor authentication for
the MCF admin UI.
> brute-force vulnerability
> -------------------------
>
> Key: CONNECTORS-1596
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1596
> Project: ManifoldCF
> Issue Type: Improvement
> Components: API
> Affects Versions: ManifoldCF 2.12
> Reporter: roel goovaerts
> Priority: Minor
>
> As a result of a pen test, it appears there is no functionality to counter
> brute-force attacks for logging in.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
