View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|13546||Feature requests||Security||public||2018-03-27 21:00||2018-03-29 19:38|
|Summary||13546: After entering 5 times wrong password from any user, all users are blocked for 10 minutes (even admin)|
|Description||After entering 5 times wrong password from any user (Survey admin), all users are blocked for 10 minutes (even admin). It's a security issue because almost everybody can block out everybody.|
|Steps To Reproduce||try it|
|Tags||No tags attached.|
|It continues the time with every attempt|
With same IP adress, right ?
«maxLoginAttempt: This is the number of attempts a user has to enter the correct password before he or she gets her or his IP address blocked/locked out.»
|Yes, the Server is behind a proxy (as many Servers I guess). The problem is that ALL users are blocked out an not only the specific user that entered the password 5 times wrong.|
This is probably more like a feature request. Just raise the number of login attempts.
Long term probably a whilelist would be needed.
|Whitelist can be easily done via Plugin (have one)|
Why is it not possible or so difficult to block the ONLY the specific user who entered the wrong password several times and not the IP. Many/most servers are behind a reverse proxy and always see the same IP-address. In this state of arts, the whole system is blocked for all survey administrators.
Example: If I enter my Hotmail-Password wrong 10 times, the whole Hotmail-system would not be blocked for everybody, but only the account that I wanted to access with wrong password attempts will be blocked (same as GMX, ...).
For my opinion it is a security issue because everybody wo knows a survey admin's login can block the system for all admins.
Maybe we misunderstood.
|2018-03-27 21:00||Oli4||New Issue|
|2018-03-27 21:18||Oli4||Note Added: 47241|
|2018-03-28 08:11||DenisChenu||Note Added: 47242|
|2018-03-28 09:00||Oli4||Note Added: 47243|
|2018-03-28 12:23||c_schmitz||Note Added: 47259|
|2018-03-28 12:24||c_schmitz||Project||Bug reports => Feature requests|
|2018-03-28 12:25||DenisChenu||Note Added: 47260|
|2018-03-29 19:38||Oli4||Note Added: 47289|