No Lockout Policy

Permalink 2 2 Browser Info Environment
Team, I observed that there is no lockout policy in place due to which a malicious actor could perform a brute-force attack against the login portal which can lead to account takeover. At least there should be a throttling mechanism in place.

Status: New

concrete5 Environment Information


Browser User-Agent String

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0