View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
13546 | Feature requests | Security | public | 2018-03-27 21:00 | 2021-10-28 09:57 |
Reporter | Oli4 | Assigned To | galads | ||
Priority | none | Severity | @60@ | ||
Status | closed | Resolution | fixed | ||
Summary | 13546: After entering 5 times wrong password from any user, all users are blocked for 10 minutes (even admin) | ||||
Description | After entering 5 times wrong password from any user (Survey admin), all users are blocked for 10 minutes (even admin). It's a security issue because almost everybody can block out everybody. | ||||
Steps To Reproduce | try it | ||||
Tags | No tags attached. | ||||
Bug heat | 260 | ||||
Story point estimate | |||||
Users affected % | |||||
It continues the time with every attempt |
|
With same IP adress, right ? «maxLoginAttempt: This is the number of attempts a user has to enter the correct password before he or she gets her or his IP address blocked/locked out.» |
|
Yes, the Server is behind a proxy (as many Servers I guess). The problem is that ALL users are blocked out an not only the specific user that entered the password 5 times wrong. |
|
This is probably more like a feature request. Just raise the number of login attempts. |
|
Whitelist can be easily done via Plugin (have one) |
|
Why is it not possible or so difficult to block the ONLY the specific user who entered the wrong password several times and not the IP. Many/most servers are behind a reverse proxy and always see the same IP-address. In this state of arts, the whole system is blocked for all survey administrators. |
|
It is now possible to whitelist IP addresses from the global settings and even in the config file. I am therefore closing this issue. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2018-03-27 21:00 | Oli4 | New Issue | |
2018-03-27 21:18 | Oli4 | Note Added: 47241 | |
2018-03-27 21:18 | Oli4 | Issue Monitored: Oli4 | |
2018-03-28 08:11 | DenisChenu | Note Added: 47242 | |
2018-03-28 09:00 | Oli4 | Note Added: 47243 | |
2018-03-28 12:23 | c_schmitz | Note Added: 47259 | |
2018-03-28 12:24 | c_schmitz | Project | Bug reports => Feature requests |
2018-03-28 12:25 | DenisChenu | Note Added: 47260 | |
2018-03-29 19:38 | Oli4 | Note Added: 47289 | |
2021-10-28 09:51 | galads | Note Added: 66988 | |
2021-10-28 09:51 | galads | Bug heat | 258 => 260 |
2021-10-28 09:57 | galads | Assigned To | => galads |
2021-10-28 09:57 | galads | Status | new => closed |
2021-10-28 09:57 | galads | Resolution | open => fixed |