Solved

Login Brute Force Vulnerability issues

Posted on 2014-03-29
2
224 Views
Last Modified: 2014-04-19
We have a web portal which requires a login. We would like to secure the login from Brute Force Vulnerabilities. Our scanner is detecting the following issue. How can we fix this?

This vulnerability occurs when a malicious user succeeds to guess a valid username and password that will enable them to authenticate illicitly to a Web
application.
The username and password would be "guessed" based on a generated list that can come from two sources: a user-defined configuration, or an internal list
provided by the WAS module based on the most common usernames and passwords.
0
Comment
Question by:skyjumperdude
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
Delete earned 500 total points
ID: 39964139
You can either have the account lockout for a specified duration after 3 to 6 failed attempts which makes brute forcing a lot harder, or you can ask for additional information upon login (i.e. a secreate question, a pin, their zip code, etc).
0
 
LVL 33

Expert Comment

by:Big Monty
ID: 39966578
i would do both if you're really concerned about security, lock the account after x amount of attempts, and also add something like captcha the end user has to enter in before the form is submitted.

of course, this can be a real pain in the butt to the end user to have to enter in captcha details every time they log in. it's something you'll have to weigh in on, security vs ease of use
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question