[jira] Resolved: (JSPWIKI-44) Add an invalid attempt lockout/unlock mechanism

Janne Jalkanen (JIRA) Wed, 21 May 2008 13:16:20 -0700

     [ 
https://issues.apache.org/jira/browse/JSPWIKI-44?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Janne Jalkanen resolved JSPWIKI-44.
-----------------------------------

    Resolution: Fixed

Fixed in 2.7.0-svn-27 by adding a delay between login attempts, if there are 
too many in a given time.

> Add an invalid attempt lockout/unlock mechanism
> -----------------------------------------------
>
>                 Key: JSPWIKI-44
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-44
>             Project: JSPWiki
>          Issue Type: Improvement
>          Components: Authentication&Authorization
>    Affects Versions: 2.4.104, 2.5.139-beta, 2.6.0
>            Reporter: Janne Jalkanen
>            Priority: Minor
>             Fix For: 2.8
>
>
> It is currently possible to attempt to brute force passwords, since there's 
> no lock mechanism for failed password attempts. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (JSPWIKI-44) Add an invalid attempt lockout/unlock mechanism

Reply via email to