Details
-
Suggestion
-
Resolution: Unresolved
Description
Information system does not enforce the limit of x number consecutive invalid logon attempts by a user during a defined x minute time period. After x number of consecutive invalid logon attempts, the user account should be locked out for x minute waiting period.
User story: Crucible should enforce the limit of five (5) consecutive invalid logon attempts by a user during a defined fifteen (15) minute time period. After 5 consecutive invalid logon attempts, the user account should be locked out for 15 minutes.
This functionality should work for both internal user directories as well as LDAP connected user directories.
Attachments
Issue Links
- is related to
-
CRUC-8130 Audit of privileged functions
- Not Being Considered