•  
      request #7754 Denial of service through login form
    Infos
    #7754
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-01-08 11:03
    7756
    Details
    Denial of service through login form

    The login form could be leveraged in a denial of service attack.

    Impact

    An attacker could use the login form to put the server under an excessive load. By doing so, Tuleap could be become innacessible to legitimate users.

    CVSS2 score : 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

    Reference

    https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks

    Authentication & LDAP
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-01-09
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Merged in Tuleap 7.9.99.x

    • Status changed from Under review to Closed
    • Close date set to 2015-01-09