[
https://issues.apache.org/jira/browse/SYNCOPE-1975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18089398#comment-18089398
]
ASF subversion and git services commented on SYNCOPE-1975:
----------------------------------------------------------
Commit d4b78c8cf291b929a1ec8908e99fb97e3ce233ad in syncope's branch
refs/heads/master from Massimiliano Perrone
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=d4b78c8cf2 ]
[SYNCOPE-1975] Throttle password reset requests (#1419)
> Throttle password reset requests
> ----------------------------------
>
> Key: SYNCOPE-1975
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1975
> Project: Syncope
> Issue Type: Improvement
> Reporter: Massimiliano Perrone
> Assignee: Massimiliano Perrone
> Priority: Major
> Fix For: 4.1.2, 5.0.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Password reset requests are currently not rate limited. This can allow
> repeated requests against the password reset endpoint, including rapid
> attempts against the security answer flow.
> Introduce configurable throttling for password reset requests before user
> lookup, so requests for existing and non-existing usernames are handled
> consistently.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
