Details
-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
-
All versions of Confluence from what I understand
Description
Confluence does not prevent someone from making a script that tries every possible password combination for a Confluence account. There should be an option to set a max attempts and then lock out the user from the system. This is obviously a security problem as Confluence within most companies uses LDAP to authenticate and if user's LDAP's are breached then many other applications are breached.
Attachments
Issue Links
- is duplicated by
-
CONFSERVER-18169 Account lockout feature
- Closed