#23120: Make it harder to brute-force Trac user passwords --------------------------------------------------+----------------- Reporter: gk | Owner: qbi Type: defect | Status: new Priority: Medium | Milestone: Component: Internal Services/Service - trac | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | --------------------------------------------------+----------------- Currently we don't have any measures in place to stop brute-forcing passwords of Trac accounts. I know, we are all using secure passwords, but still we could do better here and set up an upper limit password retries.
That got reported via HackerOne by S.M.Usman (muhammad_usman) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23120> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs