multiOTP / multiOTPCredentialProvider

multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Apache License 2.0

How to add more than one user in excluded_account registry settings of multiOTP cred provider #74

Closed ashishsabu closed 1 year ago

ashishsabu commented 1 year ago

Hello Team,

I need help with the points below:

  1. How do I add more than one user to the excluded_account registry setting?
  2. How do I exclude more than one user from multiOTP authentication?
  3. How do I add users to multiOTPWithout2FA?

Thanks and Regards, Ashish Sabu

multiOTP commented 1 year ago

Hello,

multiOTP commented 1 year ago

Hello,

Could you please explain exactly what you are doing, and what your current configuration is? Are you trying to connect using RDP somewhere?

Please send us the complete registry settings, and also explain your setup (only one computer with multiOTP Credential Provider on which you try to log on locally; one computer without multiOTP Credential Provider and a remote computer with multiOTP Credential Provider to which you try to connect using RDP; etc.).

Describe the process of what you are doing step by step, and also provide screenshots of the various pages displayed, indicating which step of your process each one belongs to.

Thanks and regards

ashishsabu commented 1 year ago

Hello Team,

I have installed multiOTP Credential Provider on a single setup and updated the values of the parameters below in the multiOTP.ini file:

max_block_failures=4
max_delayed_failures=4

That means the user account will get locked after 4 incorrect TOTP login attempts. This scenario is working fine if I enter 4 different TOTPs, one at each login attempt. But if I enter the same TOTP at each login attempt, then the user account does not get locked.

For example, if I enter the same TOTP, 123456, at each login attempt, even after 10 unsuccessful login attempts the user account is not locked. I have found the line below in multiOTP.log:

Could you please help.

Thanks and Regards, Ashish Sabu

multiOTP commented 1 year ago

Hello Ashish,

Replaying the same token again and again will not lock the account; it will only count once. This is because, depending on the client implementation doing the RADIUS authentication, if a successful connection is lost, it tries several times to send the previous successful authentication, which is not considered an attack but a bad replay attempt, which is refused and traced.

Please note also that we will close the case here, as it is not related to the initial topic.

Regards,
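The following Python model is an added example, not code from this thread or from multiOTP itself. It reproduces the counting behaviour the maintainer describes: every wrong OTP is refused, but an identical token resent over and over is traced as a replay and counted only once towards max_block_failures, so four distinct wrong tokens lock the account while ten copies of the same wrong token do not. It also shows the case the maintainer mentions of a client resending the last good token after a lost connection. The TOTP helper, the Account class, the set-based replay tracking and the RFC 6238 test secret with a fixed clock are this example's own assumptions; multiOTP's real implementation may track replays differently.

```python
"""Added illustration (not multiOTP's code) of the lockout behaviour the
maintainer describes: wrong OTPs are refused, but an identical token resent
again and again is traced as a replay and counted only once towards
max_block_failures. Replay tracking via a set of refused tokens and the
function/field names below are this example's own assumptions."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed inputs: the RFC 6238 test secret and a fixed clock (t = 59 s),
# for which the 6-digit SHA-1 TOTP is 287082 (RFC 4226 HOTP vector, counter 1).
SECRET = b"12345678901234567890"
NOW = 59


def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation) for the window containing t."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


@dataclass
class Account:
    secret: bytes
    max_block_failures: int = 4
    failures: int = 0                       # distinct wrong tokens since last success
    refused: Set[str] = field(default_factory=set)
    last_accepted: Optional[str] = None
    blocked: bool = False
    log: List[str] = field(default_factory=list)

    def authenticate(self, token: str, now: int) -> str:
        """Return 'accepted', 'refused', 'replay' or 'blocked' for one attempt."""
        if self.blocked:
            self.log.append(f"blocked: {token} ignored")
            return "blocked"
        if hmac.compare_digest(token, totp(self.secret, now)):
            if token == self.last_accepted:
                # Client resending the last good token (e.g. after a lost RDP
                # connection): refused and traced, but not treated as an attack.
                self.log.append(f"replay of accepted token {token} refused")
                return "replay"
            self.last_accepted = token
            self.refused.clear()
            self.failures = 0
            self.log.append(f"accepted {token}")
            return "accepted"
        if token in self.refused:
            # Same wrong token again: refused and traced, but not counted.
            self.log.append(f"replay of refused token {token}, not counted")
            return "replay"
        self.refused.add(token)
        self.failures += 1
        if self.failures >= self.max_block_failures:
            self.blocked = True
        self.log.append(f"refused {token} (failure {self.failures}/{self.max_block_failures}"
                        f"{', account blocked' if self.blocked else ''})")
        return "refused"


def run(attempts: List[str], max_block_failures: int = 4):
    """Feed a sequence of tokens to a fresh account and return (results, account)."""
    acct = Account(SECRET, max_block_failures)
    return [acct.authenticate(tok, NOW) for tok in attempts], acct


if __name__ == "__main__":
    scenarios = [
        ("same wrong token x10", ["123456"] * 10),
        ("four distinct wrong tokens, then valid", ["000000", "111111", "222222", "333333", "287082"]),
        ("valid token, then its replay", ["287082", "287082"]),
    ]
    for name, seq in scenarios:
        results, acct = run(seq)
        print(f"{name}: {results} failures={acct.failures} blocked={acct.blocked}")
        for line in acct.log:
            print("   ", line)
```

The practical caveat this makes visible: the replay exemption is not a bypass of the lockout, since an attacker guessing different codes still hits the block after max_block_failures distinct failures, but a test that feeds the same wrong code repeatedly (as in the report above) will never trigger it.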