[magnolia-dev] [JIRA] Updated: (MAGNOLIA-3557) Implement automatic account lockout after a number of failed log-ins

JIRA (on behalf of Boris Kraft) Thu, 24 Mar 2011 06:16:42 -0700


     [ 
http://jira.magnolia-cms.com/browse/MAGNOLIA-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Boris Kraft updated MAGNOLIA-3557:
----------------------------------

        Summary: Implement automatic account lockout after a number of failed 
log-ins  (was: Inadequate Account Lockout)
    Description: 
There currently is no automatic logout, and since one can use the URL to 
provide log-in parameters, this could be used to force-guess passwords.

Details (copied from Security Report):

Severity:       High
Test Type:      Application
Vulnerable URL: 
http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html 
(Parameter = mgnlUserPSWD)
Remediation Tasks:      Enforce account lockout after several failed login 
attempts

  was:
This bug was discovered by an automated penetration test executed by IBM 
Rational AppScan.

Details (copied from Security Report):

Severity:       High
Test Type:      Application
Vulnerable URL: 
http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html 
(Parameter = mgnlUserPSWD)
Remediation Tasks:      Enforce account lockout after several failed login 
attempts

    Component/s: core

> Implement automatic account lockout after a number of failed log-ins
> --------------------------------------------------------------------
>
>                 Key: MAGNOLIA-3557
>                 URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3557
>             Project: Magnolia
>          Issue Type: Bug
>          Components: core
>            Reporter: Daniel Lipp
>            Assignee: Ondřej Chytil
>            Priority: Major
>
> There currently is no automatic logout, and since one can use the URL to 
> provide log-in parameters, this could be used to force-guess passwords.
> Details (copied from Security Report):
> Severity:     High
> Test Type:    Application
> Vulnerable URL:       
> http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html 
> (Parameter = mgnlUserPSWD)
> Remediation Tasks:    Enforce account lockout after several failed login 
> attempts

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira




----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------

[magnolia-dev] [JIRA] Updated: (MAGNOLIA-3557) Implement automatic account lockout after a number of failed log-ins

Reply via email to