Right now, as it has always been, there is nothing stopping someone from doing a brute force attack on the Root DN's password. While is hardcoded for the Root DN password changes to bypass password policy, we should add something, even if it's a basic policy, to prevent these attacks.
Maybe extend the Root DN Access Control plugin and add a new postop bind plugin function.
Metadata Update from @mreynolds: - Custom field origin adjusted to None - Custom field reviewstatus adjusted to None - Issue set to the milestone: 1.4 backlog
Just a simple idea to reduce capability of brute force attack is to create a delay of few seconds, upon DM bind failure.
Metadata Update from @tbordaz: - Issue set to the milestone: None (was: 1.4 backlog)
Metadata Update from @mreynolds: - Issue set to the milestone: 1.4 backlog
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/3702
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.