Massimiliano Perrone created SYNCOPE-1975:
---------------------------------------------
Summary: Throttle password reset requests
Key: SYNCOPE-1975
URL: https://issues.apache.org/jira/browse/SYNCOPE-1975
Project: Syncope
Issue Type: Improvement
Reporter: Massimiliano Perrone
Assignee: Massimiliano Perrone
Fix For: 4.0.7, 4.1.2, 5.0.0
Password reset requests are currently not rate limited. This can allow repeated
requests against the password reset endpoint, including rapid attempts against
the security answer flow.
Introduce configurable throttling for password reset requests before user
lookup, so requests for existing and non-existing usernames are handled
consistently.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
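The following is an added illustration of the approach the issue asks for, written for this page and not taken from Syncope's code base. It shows a sliding-window throttle keyed by the normalized username that is consulted before any user lookup, so that a request for an unknown username takes the same path and gets the same answer as one for a known user, and the only visible difference is the throttle's own verdict. The class and method names, the limit of three attempts per ten minutes, the in-memory user store and the controllable clock are all assumptions made for the example.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

/** Added illustration of throttling password-reset requests before user lookup (not Syncope code). */
public final class PasswordResetThrottleDemo {

    /** Sliding-window limiter keyed by normalized username. Names and limits are assumptions. */
    static final class Throttle {
        private final int maxAttempts;
        private final Duration window;
        private final Supplier<Instant> clock;
        private final Map<String, Deque<Instant>> attempts = new ConcurrentHashMap<>();

        Throttle(int maxAttempts, Duration window, Supplier<Instant> clock) {
            this.maxAttempts = maxAttempts;
            this.window = window;
            this.clock = clock;
        }

        /** "Alice", "alice" and " alice " share one bucket. */
        static String key(String username) {
            return username == null ? "" : username.trim().toLowerCase(Locale.ROOT);
        }

        /** Records an attempt; returns false once the window already holds maxAttempts. */
        boolean tryAcquire(String username) {
            Instant now = clock.get();
            Instant cutoff = now.minus(window);
            Deque<Instant> q = attempts.computeIfAbsent(key(username), k -> new ArrayDeque<>());
            synchronized (q) {
                while (!q.isEmpty() && !q.peekFirst().isAfter(cutoff)) {
                    q.pollFirst();  // drop attempts that have aged out of the window
                }
                if (q.size() >= maxAttempts) {
                    return false;
                }
                q.addLast(now);
                return true;
            }
        }
    }

    enum Outcome { ACCEPTED, THROTTLED }

    /** The reset endpoint: throttle first, look up the user second, answer generically. */
    static final class ResetService {
        private final Throttle throttle;
        private final Set<String> userStore;   // stand-in for the real user repository
        int resetsStarted;

        ResetService(Throttle throttle, Set<String> userStore) {
            this.throttle = throttle;
            this.userStore = userStore;
        }

        Outcome requestReset(String username) {
            // No lookup has happened yet: unknown and known usernames cost the same
            // and receive the same answer.
            if (!throttle.tryAcquire(username)) {
                return Outcome.THROTTLED;
            }
            // Only now consult the store; silently skip unknown users.
            if (userStore.contains(Throttle.key(username))) {
                resetsStarted++;  // the real flow would send the token or ask the security question here
            }
            return Outcome.ACCEPTED;  // identical response whether or not the user exists
        }
    }

    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2025-01-01T00:00:00Z") };   // controllable clock
        Throttle throttle = new Throttle(3, Duration.ofMinutes(10), () -> now[0]);
        ResetService svc = new ResetService(throttle, Set.of("alice"));

        for (String user : new String[] { "alice", "nobody" }) {
            for (int i = 1; i <= 4; i++) {
                now[0] = now[0].plusSeconds(1);
                System.out.printf("%-7s attempt %d -> %s%n", user, i, svc.requestReset(user));
            }
        }
        // Window expires: the same username is accepted again.
        now[0] = now[0].plus(Duration.ofMinutes(10));
        System.out.println("alice after window -> " + svc.requestReset("alice"));
        System.out.println("resets actually started: " + svc.resetsStarted);
    }
}
```

Running `main` shows "alice" and the non-existent "nobody" both accepted three times and throttled on the fourth, while only the existing user actually has a reset started. Keying on the username alone caps guessing against one account; an attacker who spreads requests across many usernames is not slowed by it, so a deployment would normally combine this with a per-client limit (for example by source address) applied at the same point, before the lookup.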