[
http://jira.magnolia-cms.com/browse/MAGNOLIA-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Haderka reopened MAGNOLIA-3557:
-----------------------------------
change location of update tasks and improve readability of the code.
> Implement automatic account lockout after a number of failed log-ins
> --------------------------------------------------------------------
>
> Key: MAGNOLIA-3557
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3557
> Project: Magnolia
> Issue Type: New Feature
> Components: core
> Reporter: Daniel Lipp
> Assignee: Ondřej Chytil
> Priority: Major
> Fix For: 4.4.3
>
>
> There currently is no automatic logout, and since one can use the URL to
> provide log-in parameters, this could be used to force-guess passwords.
> Details (copied from Security Report):
> Severity: High
> Test Type: Application
> Vulnerable URL:
> http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html
> (Parameter = mgnlUserPSWD)
> Remediation Tasks: Enforce account lockout after several failed login
> attempts
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
