Idea ID 2775580
This is a diagnostics vulnerability issue noticed in MF diagnostics.
Issue Account Lockout is not implemented
Observation It is observed that the account lockout functionality is missing leads to account login brute-force attack
Impact An attacker can perform brute-force attack until the valid credentials found. Once attacker gets the valid credentials during brute-force attack then attacker will take unauthorized access of system.
Thanks & Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.