View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003189 | SOGo | Backend General | public | 2015-04-29 09:22 | 2015-08-10 13:32 |
Reporter | Jens Erat | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 2.2.17 | ||||
Summary | 0003189: Failed logins should not terminate open sessions | ||||
Description | After a given number of failed logins, a user is locked for some time span to prevent brute force attacks. Currently, a user is logged out from existing sessions if this happens, which is unnecessary and allows deauthentication attacks. | ||||
Steps To Reproduce | | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2015-04-29 09:22 | Jens Erat | New Issue |
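
The behaviour reported above and the behaviour requested, as an added example (a toy Python model, not SOGo's code): the lockout gates only new password logins, while session validation ignores it unless the `lockout_kills_sessions` flag reproduces the reported behaviour. `AuthService`, `MAX_FAILURES`, `LOCKOUT_SECONDS` and the flag are hypothetical names and values chosen for the illustration.

```python
import secrets
import time

MAX_FAILURES = 3        # assumed threshold, not a SOGo setting
LOCKOUT_SECONDS = 300   # assumed lockout duration, not a SOGo setting


class AuthService:
    """Toy model that keeps login lockout and session validation separate."""

    def __init__(self, passwords, clock=time.monotonic):
        self.passwords = passwords   # user -> password (constructed sample data, plaintext only for the demo)
        self.clock = clock           # injectable so the lockout window can be tested
        self.failures = {}           # user -> consecutive failed attempts
        self.locked_until = {}       # user -> time at which the lockout ends
        self.sessions = {}           # session id -> user

    def is_locked(self, user):
        return self.clock() < self.locked_until.get(user, float("-inf"))

    def login(self, user, password):
        """Return a new session id, or None on lockout or wrong password."""
        if self.is_locked(user):
            return None
        if self.passwords.get(user) != password:
            self.failures[user] = self.failures.get(user, 0) + 1
            if self.failures[user] >= MAX_FAILURES:
                self.locked_until[user] = self.clock() + LOCKOUT_SECONDS
                self.failures[user] = 0
            return None
        self.failures[user] = 0
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def session_valid(self, sid, lockout_kills_sessions=False):
        """lockout_kills_sessions=True models the behaviour described in the report."""
        user = self.sessions.get(sid)
        if user is None:
            return False
        if lockout_kills_sessions and self.is_locked(user):
            return False   # reported: a lockout also invalidates sessions that were already open
        return True        # requested: a lockout never touches an established session
```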