>Number: 209
>Category: mod_auth-any
>Synopsis: No delay in request for retry of Authentication on failure
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Thu Feb 27 18:50:01 1997
>Originator: [EMAIL PROTECTED]
>Organization: apache
>Release: 1.1.1
>Environment: Pre compiled binaries for Solarisx86
>Description: It appears that you get the retry option immediately after a user/password authentication failure. In our system, where the user's actual password is used in this file, this immediate retry leaves the system open to multiple retries of password attack, possibly automated via Java/C etc. in the client.
>How-To-Repeat: Try it on Netscape V3.0 Gold
>Fix: Can you please put a 5 sec delay before returning a failed response to the web browser
>Audit-Trail:
>Unformatted:
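
The following is an added example, not part of the report and not Apache code: one way to enforce the requested 5-second spacing per client and user rather than by sleeping in each request, so that parallel connections from the same client share a single hold. The function names, the `address|user` key format and the table size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define FAIL_DELAY_SECS 5   /* the delay requested in the report */
#define SLOTS 128           /* assumption: small fixed-size table */
#define KEY_MAX 96

struct slot { char key[KEY_MAX]; time_t not_before; };
static struct slot table[SLOTS];

/* djb2 hash; a colliding key simply evicts the older entry. */
static struct slot *slot_for(const char *key) {
    unsigned h = 5381;
    for (const char *p = key; *p; p++) h = h * 33 + (unsigned char)*p;
    return &table[h % SLOTS];
}

/* Seconds this key must still wait before a password is checked; 0 = proceed. */
long throttle_wait(const char *key, time_t now) {
    struct slot *s = slot_for(key);
    if (strncmp(s->key, key, KEY_MAX - 1) != 0 || now >= s->not_before)
        return 0;
    return (long)(s->not_before - now);
}

/* Call after a failed password check: hold the next attempt for 5 seconds. */
void throttle_note_failure(const char *key, time_t now) {
    struct slot *s = slot_for(key);
    strncpy(s->key, key, KEY_MAX - 1);
    s->key[KEY_MAX - 1] = '\0';
    s->not_before = now + FAIL_DELAY_SECS;
}

/* Call after a successful login: drop any pending hold for this key. */
void throttle_note_success(const char *key) {
    struct slot *s = slot_for(key);
    if (strncmp(s->key, key, KEY_MAX - 1) == 0)
        s->key[0] = '\0';
}

int main(void) {
    const char *key = "192.0.2.10|alice";   /* constructed sample key */
    time_t now = time(NULL);
    throttle_note_failure(key, now);
    printf("retry allowed in %ld s\n", throttle_wait(key, now + 2));
    return 0;
}
```

A server would call `throttle_wait` before checking the password and answer with the failure response, without checking, while it returns a non-zero value.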
