The application lacks protection against password brute-force attacks during login.
Technical description:
The login functionality has no measures against password brute-force attacks: failed attempts are neither counted nor throttled. An attacker can therefore run an automated tool that submits many password guesses (per account, or one common password across many accounts) until one succeeds and grants unauthorized access.
Impact:
Attackers can submit an unlimited number of password guesses against any account, which materially increases the risk of account compromise, particularly for accounts with weak, common or reused passwords.
Recommendation:
[x] Implement an account lockout mechanism that temporarily locks an account after a set number of consecutive failed login attempts (keep the lockout window short, since a username-based lockout can otherwise be abused to deny service to legitimate users).
[x] Implement rate limiting to restrict the number of login attempts from a single IP address within a given time frame. will fix later, see #2270
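The two recommendations above combined in one login throttle, as an added example written for this report rather than code from the application itself. It assumes a single-process in-memory store (a real deployment would back the counters with Redis or the database so that all app servers share them), an injectable clock so the behaviour can be exercised without waiting, and a caller-supplied `verify` callable that performs the actual password check only after the throttling checks pass. The usernames, IP address and limits in `simulate()` are constructed for illustration.

```python
"""Login throttle: per-account temporary lockout plus per-IP sliding-window rate limit."""
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict

# Verdicts returned to the caller. Map all of them to one generic error
# message in the HTTP response so a client cannot tell them apart.
OK, BAD_PASSWORD, LOCKED, RATE_LIMITED = "ok", "bad_password", "locked", "rate_limited"


class LoginThrottle:
    def __init__(self, max_failures: int = 5, lockout_seconds: int = 900,
                 ip_limit: int = 20, ip_window_seconds: int = 60,
                 clock: Callable[[], float] = time.monotonic):
        self.max_failures = max_failures          # consecutive failures before lockout
        self.lockout_seconds = lockout_seconds    # how long the account stays locked
        self.ip_limit = ip_limit                  # attempts allowed per IP per window
        self.ip_window_seconds = ip_window_seconds
        self.clock = clock                        # injectable for deterministic tests
        self._failures: Dict[str, int] = defaultdict(int)
        self._locked_until: Dict[str, float] = {}
        self._ip_hits: Dict[str, Deque[float]] = defaultdict(deque)

    def _ip_allowed(self, ip: str) -> bool:
        """Sliding window: every attempt from this IP counts, successful or not,
        including attempts against accounts that are already locked."""
        now = self.clock()
        hits = self._ip_hits[ip]
        while hits and now - hits[0] >= self.ip_window_seconds:
            hits.popleft()
        if len(hits) >= self.ip_limit:
            return False
        hits.append(now)
        return True

    def is_locked(self, username: str) -> bool:
        """True while the lockout window is open; clears the lock once it has expired."""
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:
            del self._locked_until[username]
            self._failures[username] = 0
            return False
        return True

    def attempt(self, username: str, ip: str, verify: Callable[[], bool]) -> str:
        """Run the IP and account checks first; call verify() only if both pass."""
        username = username.strip().lower()   # "Alice" and "alice " share one counter
        if not self._ip_allowed(ip):
            return RATE_LIMITED
        if self.is_locked(username):
            return LOCKED
        if verify():
            self._failures[username] = 0      # a successful login resets the failure count
            return OK
        self._failures[username] += 1
        if self._failures[username] >= self.max_failures:
            self._locked_until[username] = self.clock() + self.lockout_seconds
        return BAD_PASSWORD


class FakeClock:
    """Constructed clock so the simulation does not have to sleep."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def simulate() -> list:
    """Constructed scenario: three wrong guesses lock 'alice'; the same IP then
    exhausts its per-window budget; after the lockout expires the login works."""
    clock = FakeClock()
    throttle = LoginThrottle(max_failures=3, lockout_seconds=600,
                             ip_limit=5, ip_window_seconds=60, clock=clock)
    wrong, right = (lambda: False), (lambda: True)   # stand-ins for a real password check
    ip = "203.0.113.7"
    results = []
    for _ in range(3):
        results.append(throttle.attempt("alice", ip, wrong))   # bad_password x3, then locked
    results.append(throttle.attempt("alice", ip, right))       # correct password refused: locked
    results.append(throttle.attempt("bob", ip, right))         # fifth hit from the IP: still ok
    results.append(throttle.attempt("carol", ip, right))       # sixth hit within 60 s: rate_limited
    clock.advance(601)                                         # lockout and IP window both expire
    results.append(throttle.attempt("alice", ip, right))       # ok
    return results


if __name__ == "__main__":
    print(simulate())
```

In the handler, `verify` would wrap the real hash comparison (for example a bcrypt check against the stored hash), so no hashing work is spent on requests that are already throttled. Because the lockout is keyed by username, pair it with a short window as in the example and consider a CAPTCHA or progressive delays as a fallback, otherwise an attacker who knows a victim's username can keep that account locked at will.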