Improper Restriction of Excessive Authentication Attempts #136

Open
@fpietrosanti

Description

The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

Effort to Fix: 3 - Complex implementation error. Fix is approx. 51-500 lines of code. Up to 5 days to fix.

Recommendations
Implement a CAPTCHA solution to limit the number of requests to the Abuse and Feedback functionality.

