Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0038652 | Openbravo ERP | C. Security | public | 2018-05-29 16:31 | 2018-06-04 09:17 |
| Reporter | alostale |
| Assigned To | alostale |
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed |
| Platform | | OS | 5 | OS Version | |
| Product Version | |
| Target Version | | Fixed in Version | 3.0PR18Q3 |
| Merge Request Status | |
| Review Assigned To | caristu |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
| Summary | 0038652: security default: delay response after failed login attempt |
| Description | In order to mitigate possible brute-force attacks [1], it is possible to configure some delay in the response after failed login attempts. Even though this is configurable [2], by default it is disabled. --- [1] https://en.wikipedia.org/wiki/Brute-force_attack [2] http://wiki.openbravo.com/wiki/Openbravo.properties#Log_in_security |
| Steps To Reproduce | - |
| Proposed Solution | New instances should have this feature enabled by default with: * 200ms of increment after each consecutive failed login attempt * up to 3 seconds of maximum delay * there will be no user locking by default. Existing instances will keep their current configuration. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files | |
Issue History
| Date Modified | Username | Field | Change |
| 2018-05-29 16:31 | alostale | New Issue | |
| 2018-05-29 16:31 | alostale | Assigned To | => alostale |
| 2018-05-29 16:31 | alostale | OBNetwork customer | => No |
| 2018-05-29 16:31 | alostale | Modules | => Core |
| 2018-05-29 16:31 | alostale | Triggers an Emergency Pack | => No |
| 2018-05-29 16:31 | alostale | Relationship added | depends on 0038651 |
| 2018-05-29 16:34 | alostale | Proposed Solution updated | |
| 2018-05-30 09:19 | hgbot | Checkin | |
| 2018-05-30 09:19 | hgbot | Note Added: 0104799 | |
| 2018-05-30 09:19 | hgbot | Status | new => resolved |
| 2018-05-30 09:19 | hgbot | Resolution | open => fixed |
| 2018-05-30 09:19 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/31ee92fe5dd441e2ffac6a8ebda8f9a07894478a |
| 2018-06-01 09:34 | alostale | Review Assigned To | => caristu |
| 2018-06-04 09:17 | caristu | Note Added: 0104902 | |
| 2018-06-04 09:17 | caristu | Status | resolved => closed |
| 2018-06-04 09:17 | caristu | Fixed in Version | => 3.0PR18Q3 |