[Commotion-admin] [commotion-openwrt] Authentication attempts should be logged and/or limited (#30)

areynold notifications at github.com
Wed Sep 11 16:06:36 UTC 2013


Authentication attempts made against /cgi-bin/luci/admin/ and ssh are not logged or limited in any way. An attacker can brute force passwords without any limitations or outward indications to a device administrator.

Lock out authentications after a number of failed attempts. Log failed attempts and present recent failures to the device administrator upon successful authentication.

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-openwrt/issues/30
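
The three mitigations requested in this issue (lockout after repeated failures, logging of failed attempts, and a failure report at the next successful login), sketched as an added example that is not code from the Commotion project. The class name, the thresholds and the choice to key the lockout on source address are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed threshold; the issue does not name a number
WINDOW_SECONDS = 300   # assumed: only failures this recent count
LOCKOUT_SECONDS = 600  # assumed lockout duration
REPORT_LIMIT = 50      # assumed cap so stored failures cannot exhaust memory


class AuthGuard:
    """Wraps a credential check with logging, lockout and a failure report."""

    def __init__(self, verify, clock=time.monotonic, log=print):
        self.verify = verify              # callable(user, password) -> bool
        self.clock = clock
        self.log = log                    # e.g. a syslog writer on a router
        self.recent = defaultdict(deque)  # source -> failure timestamps
        self.locked_until = {}            # source -> unlock time
        # user -> failures not yet shown to that user (bounded per user)
        self.unreported = defaultdict(lambda: deque(maxlen=REPORT_LIMIT))

    def _record_failure(self, user, source, now, reason):
        self.unreported[user].append((now, source, reason))
        # repr() keeps attacker-supplied names from injecting log lines.
        self.log(f"auth failure user={user!r} src={source!r} reason={reason}")

    def attempt(self, user, password, source):
        """Return (status, failures); failures is filled only on 'ok'."""
        now = self.clock()
        # Locked sources are refused before the password is checked, so a
        # correct guess made during lockout gives no signal to the guesser.
        if self.locked_until.get(source, 0) > now:
            self._record_failure(user, source, now, "locked")
            return "locked", []
        if self.verify(user, password):
            self.recent.pop(source, None)
            self.log(f"auth success user={user!r} src={source!r}")
            # Hand the administrator every failure since the last login.
            return "ok", list(self.unreported.pop(user, ()))
        self._record_failure(user, source, now, "bad-password")
        window = self.recent[source]
        window.append(now)
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self.locked_until[source] = now + LOCKOUT_SECONDS
            window.clear()
            self.log(f"auth lockout src={source!r} for {LOCKOUT_SECONDS}s")
        return "denied", []
```

Keying the lockout on source address rather than on the account keeps a remote guesser from locking the administrator out of their own device.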