On Sun, Sep 20, 2020 at 4:44 PM Vibin Bruno <vbruno...@gmail.com> wrote:

> Hi Team,
>
> Our security team has raised the below vulnerabilities in SVN.
>
> 1. Concurrent login allowed in SVN console - the same user can log in to the
> console at the same time using two machines.
>
> 2. Brute Force attack - user should be locked after 3 incorrect login
> attempts.
>
> Kindly help us in resolving the above vulnerabilities.
>


This is not the correct list to report these "problems".

SVN does not have a web user interface or console, so you are likely using
some other SVN management product and need to report this there. That said,
I would say both of these are more opinion and taste than vulnerabilities.
I manage an SVN-related product called SVN Edge and I would not consider
"fixing" either of these issues if that is the product you are using. The
first one is just straight up not a problem and I would never entertain it
as one. The second one is somewhat a problem, though "3" is an arbitrary
number and there are a lot of ways to deal with brute force login attempts.
For example, SVN Edge throttles the login attempts making it impractical to
brute force attack a password.

-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/
