Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7754 Denial of service through login form
    Infos
    #7754
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-01-08 11:03
    7756
    Details
    Denial of service through login form

    The login form could be leveraged in a denial of service attack.

    Impact

    An attacker could use the login form to put the server under an excessive load. By doing so, Tuleap could be become innacessible to legitimate users.

    CVSS2 score : 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

    Reference

    https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks

    Authentication & LDAP
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-01-09
    Attachments
    Empty
    References
    Referencing request #7754

    Artifact

    rel #7520 7.10
    request #8798 Sleep between login attempt [Brute Force protection]

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/48/3448/1' of ssh://gerrit.tuleap.net:29418/tuleap into stable ec0d6b1a62
    User avatar Nicolas Terray (nterray) , 2015-01-09 09:55
    request #7754: Prevent denial of service via the login form cc56105d87
    User avatar Thomas Gerbet (tgerbet) , 2015-01-08 11:06
    request #7754: Prevent denial of service via the login form cdd8bc97e7
    User avatar Thomas Gerbet (tgerbet) , 2015-01-19 16:28
    Referenced by request #7754

    Other

    gerrit #3448
    Display settings

    Follow-ups

    User avatar
    Yannis ROSSETTO (rossettoy)2015-01-09 15:41
    Merged in Tuleap 7.9.99.x
    • Status changed from Under review to Closed
    • Close date set to 2015-01-09