Closed large closed 4 years ago
Hi,
Thanks for raising this.
I've just pushed out a new version 6.5.0 which contains a MaxAuthenticationAttempts option to configure the server with. This defaults to 3 so you can change it if you need.
Thanks, Cain.
Hi @cosullivan worked as a charm :) Nice work!
When a user is trying to authenticate it gets unlimited attempts. Currently testing with Thunderbird. Number of retries does not seems to count while doing authentication while other commands have limits.
Here is a log from an internal testing:
There should be a limit and the connection should be dropped if the user fails the authentication for x-number of times. Such implementation would invite to a brute-force ;)
My code returns false on the AuthenticateAsync() if the authentication isn't valid.
Edit: The version show'n in the welcome message is not correct, I am currently using 6.4.0
Edit edit: I created a workaround by adding a counter in the context. Added this in public Task AuthenticateAsync(ISessionContext context, string user, string password, CancellationToken token)