Hello, How could I prevent brute force of the scratch codes for MFA gauth?
Basically you can sit there rolling through the MFA codes until one hits a scratch code, without things failing. Is there some way to cap failed MFA logins, or integrate it with throttling? I tried building cas with Throttling as well (https://apereo.github.io/cas/development/authentication/Configuring-Authentication-Throttling.html), hoping that would work for MFA, but it just adds an entry per failed MFA token, which is a good way to trigger a denial of service, possibly filling up, whatever storage you use. Thank you, Matt -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/87791276-d630-45d8-a56d-83b7c3c66806n%40apereo.org.
