owncloud / twofactor_totp

🔑 Second factor TOTP (Google Authenticator) provider for ownCloud
GNU Affero General Public License v3.0

TOTP is possible to Brute Force attacks #293

Closed friarl closed 7 months ago

friarl commented 1 year ago

If login details are compromised an attacker could brute force the One-time Password. https://cwe.mitre.org/data/definitions/1216.html

A typical 6-digit code is estimated to take ~11 hours to brute force; however, if using a cloud compute type design (Azure, GCP, AWS), it is estimated that it can take only 2.5 minutes to brute force. The OTP does rotate every 60 seconds, but this does not make it impossible for this brute force to fail.

Running version 0.7.5

Is there a possibility to add rate limiting to the One-time Password to protect against brute-force attempts?

DeepDiver1975 commented 7 months ago

see rate limiting recommendations: https://doc.owncloud.com/server/next/admin_manual/configuration/server/harden_server.html#rate-limiting
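The exposure described in the report above, and the effect of the failed-attempt throttling the reply points to, as an added, runnable example that is not code from the twofactor_totp app or from ownCloud. The HOTP/TOTP part follows RFC 4226 / RFC 6238 (HMAC-SHA1, 30-second step, 6 digits, one step of clock skew). The throttle policy (5 consecutive failures, then a 300-second lockout), the guess rate, the start time and the secret (the RFC 6238 test-vector seed) are constructed for the illustration and are not ownCloud's configuration.

```python
"""TOTP brute-force exposure with and without a per-user failure throttle.

Added example; not the twofactor_totp app's code. HOTP/TOTP per RFC 4226 /
RFC 6238. Throttle policy, rate, start time and secret are constructed.
"""
import hashlib
import hmac
import struct

STEP = 30      # RFC 6238 default time step in seconds
DIGITS = 6
SKEW = 1       # accept codes from +/-1 step to tolerate clock drift

# Constructed secret: the RFC 6238 test-vector seed, NOT a real secret.
SECRET = b"12345678901234567890"

# Constructed start time, chosen as an exact multiple of STEP so that the
# full 10**6 sweep below finishes inside one step and the example is
# deterministic. A rotation mid-sweep changes the target but does not stop
# the attacker; it merely re-randomises which guess wins.
BRUTE_FORCE_START = 30.0 * 33_333_334


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(at // step), digits)


def valid_codes(secret: bytes, at: float, skew: int = SKEW) -> set:
    """Every code accepted at time `at`. The skew window widens the
    attacker's target from 1 code to 2*skew+1 out of 10**DIGITS."""
    return {totp(secret, at + d * STEP) for d in range(-skew, skew + 1)}


class ThrottledVerifier:
    """TOTP check with a per-user consecutive-failure counter and lockout."""

    def __init__(self, secret: bytes, max_failures: int = 5,
                 lockout: float = 300.0, throttle: bool = True):
        self.secret = secret
        self.max_failures = max_failures
        self.lockout = lockout
        self.throttle = throttle          # False reproduces the unthrottled case
        self._failures = {}               # user -> consecutive failures
        self._locked_until = {}           # user -> unix time the lock expires

    def verify(self, user: str, code: str, now: float) -> str:
        """Return 'ok', 'rejected' or 'locked'."""
        if self.throttle and now < self._locked_until.get(user, 0.0):
            return "locked"
        # Constant-time comparison per candidate so timing does not leak
        # how many leading digits matched.
        ok = any(hmac.compare_digest(code, c) for c in valid_codes(self.secret, now))
        if ok:
            self._failures[user] = 0
            return "ok"
        n = self._failures.get(user, 0) + 1
        self._failures[user] = n
        if self.throttle and n >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            self._failures[user] = 0
        return "rejected"


def brute_force(verifier: ThrottledVerifier, user: str, start: float,
                rate: float = 100_000.0) -> dict:
    """Guess 000000..999999 in order at `rate` guesses/s (constructed rate);
    stop on success or lockout. Returns outcome, guesses and seconds used."""
    now = start
    guesses = 0
    for candidate in range(10 ** DIGITS):
        result = verifier.verify(user, str(candidate).zfill(DIGITS), now)
        guesses += 1
        if result in ("ok", "locked"):
            outcome = "success" if result == "ok" else "locked"
            return {"outcome": outcome, "guesses": guesses, "seconds": now - start}
        now += 1.0 / rate
    return {"outcome": "exhausted", "guesses": guesses, "seconds": now - start}


def run_demo() -> dict:
    """Same attacker, same secret: once without a throttle, once with one."""
    return {
        "unthrottled": brute_force(ThrottledVerifier(SECRET, throttle=False),
                                   "alice", BRUTE_FORCE_START),
        "throttled": brute_force(ThrottledVerifier(SECRET),
                                 "alice", BRUTE_FORCE_START),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Without the throttle the sweep succeeds well inside the space of one million codes (at the constructed rate, in seconds); with it the attacker gets five guesses and then sees "locked" for five minutes, by which time the code has rotated ten times. A per-user lockout also hands an attacker a way to lock out the legitimate user, so production deployments usually combine a per-user counter with per-source-address limiting and growing delays rather than a hard lock, which is the kind of server-level rate limiting the ownCloud hardening page linked above describes.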