#5775 - Review behaviour of brute force logins with IP address

Identifier #5775
Issue type Feature request or suggestion
Title Review behaviour of brute force logins with IP address
Status Open
Tags

Roadmap: Over the horizon (custom)

Type: Security (custom)

Handling member Deleted
Addon core_cns
Description The current behaviour with failed logins is that the brute-force check compares against the exact IP address.

Is this secure enough? Perhaps we should compare against the first three (six) parts instead, so it is more tolerant of botnets trying to target a specific user account. Or do away with IP checking completely.
Steps to reproduce

Additional information The current setup allows an army of botnets on different IP addresses (especially IPv6) to mass-attempt logging in to a user's account. While this is still very difficult to do if the user has a good password and brute-force security is strong (the attacker is likely to run out of IPs from brute-force banning before a success happens), I think we can do better than comparing the full IP address on every attempt.
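The two alternatives the report weighs (grouping attempts by network prefix, and not relying on the IP alone) can be illustrated with a small throttle. This is added example code, not part of the issue or of the addon; the class name `LoginThrottle`, the /24 and /64 prefix lengths, the thresholds and the addresses in `demo()` are all constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Prefix lengths used in this example: /24 groups the "first three parts" of an
# IPv4 address, /64 groups the network half of an IPv6 address.
IPV4_PREFIX = 24
IPV6_PREFIX = 64

def source_key(ip: str) -> str:
    """Reduce an address to its network, e.g. 192.0.2.7 -> 192.0.2.0/24."""
    addr = ipaddress.ip_address(ip)
    prefix = IPV4_PREFIX if addr.version == 4 else IPV6_PREFIX
    return str(ipaddress.ip_network((str(addr), prefix), strict=False))

class LoginThrottle:
    """Hypothetical throttle: failures counted per source network and per account."""

    def __init__(self, per_source: int = 5, per_account: int = 20):
        self.per_source = per_source
        self.per_account = per_account
        self.by_source = defaultdict(int)
        self.by_account = defaultdict(int)

    def record_failure(self, username: str, ip: str) -> None:
        self.by_source[source_key(ip)] += 1
        self.by_account[username] += 1

    def record_success(self, username: str) -> None:
        # Clears only the account counter; a correct guess must not unban a network.
        self.by_account.pop(username, None)

    def is_blocked(self, username: str, ip: str) -> bool:
        # A botnet spread over many networks never trips per_source, so the
        # per-account limit is what catches the attack the issue describes.
        return (self.by_source[source_key(ip)] >= self.per_source
                or self.by_account[username] >= self.per_account)

def demo() -> dict:
    """Constructed scenario: host rotation inside one /64, then 20 distinct /64s."""
    t = LoginThrottle(per_source=3, per_account=20)
    for host in range(3):                     # same /64, different interface IDs
        t.record_failure("alice", f"2001:db8:1:1::{host + 1}")
    same_net = t.is_blocked("alice", "2001:db8:1:1::ffff")  # unseen host, seen network
    t2 = LoginThrottle(per_source=3, per_account=20)
    for net in range(20):                     # one attempt from each of 20 networks
        t2.record_failure("alice", f"2001:db8:2:{net:x}::1")
    spread = t2.is_blocked("alice", "2001:db8:3::1")  # fresh network, account locked
    bob = t2.is_blocked("bob", "2001:db8:3::1")       # other accounts unaffected
    return {"same_net_blocked": same_net, "spread_blocked": spread, "bob_blocked": bob}
```

A per-account counter also lets a third party lock a legitimate user out, so in practice it would be paired with a decaying time window or an extra verification step rather than a hard ban.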
Funded? No
