-
Hi,
Thanks for your great service, but I've come across an issue:
Normally when you set query parameters in a URL you use something like [encodeURIComponent()](https://developer.mozilla.org/en-…
-
Add Brute Force Protection like Fail2Ban.
https://github.com/nextcloud/server/pull/479
-
- could be a security issue. Mitigations:
- add a warning?
- optionally enforce password protection?
- enforce a minimum set of dictionary words? (minimal 2, optionally configurable?)
- makes…
-
After using the plugins for some tests I have noticed a few things that are not standard practice and are possible security vulnerabilities.
### Missing key exchange
The plugin lacks a key exchan…
-
~~1. Authentication failures should be logged by default.~~ see 4
2. There should be authentication rate limiting
3. There should be an account lockout feature (with sane defaults)
a) admin sho…
-
Right now we secure the connection between the webview and Express-PouchDB using a secret sent in the clear over HTTP on localhost. Eventually the connection will be encrypted but in the meantime the …
-
To prevent a database dump from revealing access to user accounts.
jdmcd updated
5 years ago
-
Hello
Is it possible to add a compressed and uncompressed pub key search? I think it will also increase the speed.
Set up Brute Force to search only the "X" value from the Pub Key or both "X" an…
-
Passwords set by the user should be protected against brute-force attacks by using a computationally expensive key derivation function. We currently don't use a key derivation function but encrypt the…
-
I'm alarmed to see this at https://github.com/chriszarate/supergenpass/wiki/FAQ
> SuperGenPass uses a one-way hash algorithm (base-64 MD5) to generate passwords. Specifically, it concatenates the mas…