Solved

Login Brute Force Vulnerability issues

Posted on 2014-03-29
2
216 Views
Last Modified: 2014-04-19
We have a web portal which requires a login. We would like to secure the login from Brute Force Vulnerabilities. Our scanner is detecting the following issue. How can we fix this?

This vulnerability occurs when a malicious user succeeds to guess a valid username and password that will enable them to authenticate illicitly to a Web
application.
The username and password would be "guessed" based on a generated list that can come from two sources: a user-defined configuration, or an internal list
provided by the WAS module based on the most common usernames and passwords.
0
Comment
Question by:skyjumperdude
2 Comments
 
LVL 7

Accepted Solution

by:
Delete earned 500 total points
ID: 39964139
You can either have the account lockout for a specified duration after 3 to 6 failed attempts which makes brute forcing a lot harder, or you can ask for additional information upon login (i.e. a secreate question, a pin, their zip code, etc).
0
 
LVL 32

Expert Comment

by:Big Monty
ID: 39966578
i would do both if you're really concerned about security, lock the account after x amount of attempts, and also add something like captcha the end user has to enter in before the form is submitted.

of course, this can be a real pain in the butt to the end user to have to enter in captcha details every time they log in. it's something you'll have to weigh in on, security vs ease of use
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article you will learn how to create a free basic website on Bitbucket, a git service provider. Polymer creates dynamic HTML components, which allow more flexibility than static HTML. This tutorial uses Ubuntu Linux but can also be done on W…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now