Neozoon <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #10 from Neozoon <> ---
I think it is not a good idea to install the PasswordMaxLoginFailed check if it
really disables the account. 

The account names are all known. There are only 9 admin accounts (all login
names known) that need to be attacked and the OTRS is locked down if an
attacker does 90 login attempts with these accounts.

This risk is much higher than the risk of a brute force attack on passwords
that would require a massive amount of login attempts and cannot be successful
if the password strength rules are enabled.

Best regards
