#23120: Make it harder to brute-force Trac user passwords
     Reporter:  gk                                |      Owner:  qbi
         Type:  defect                            |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Internal Services/Service - trac  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
 Currently we don't have any measures in place to stop brute-forcing
 passwords of Trac accounts. I know, we are all using secure passwords, but
 still we could do better here and set up an upper limit password retries.

 That got reported via HackerOne by S.M.Usman (muhammad_usman)

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23120>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to