Login Brute Force Vulnerability issues
Posted on 2014-03-29
We have a web portal which requires a login. We would like to secure the login from Brute Force Vulnerabilities. Our scanner is detecting the following issue. How can we fix this?
This vulnerability occurs when a malicious user succeeds to guess a valid username and password that will enable them to authenticate illicitly to a Web
The username and password would be "guessed" based on a generated list that can come from two sources: a user-defined configuration, or an internal list
provided by the WAS module based on the most common usernames and passwords.