#23120: Make it harder to brute-force Trac user passwords
--------------------------------------------------+-----------------
Reporter: gk | Owner: qbi
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Service - trac | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+-----------------
Currently we don't have any measures in place to stop brute-forcing
passwords of Trac accounts. I know, we are all using secure passwords, but
still we could do better here and set up an upper limit password retries.
That got reported via HackerOne by S.M.Usman (muhammad_usman)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23120>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
