[checkmk-commits] [Checkmk/checkmk] edfe1d: 16830 SEC Bruteforce protection for two factor aut...

Branch: refs/heads/2.3.0 Home: https://github.com/Checkmk/checkmk Commit: edfe1d4c852a893334a80fad3618f646fbcf78a0 https://github.com/Checkmk/checkmk/commit/edfe1d4c852a893334a80fad3618f646f… Author: Zoey Hilton <zoey.hilton(a)checkmk.com> Date: 2024-06-07 (Fri, 07 Jun 2024) Changed paths: A .werks/16830.md M cmk/gui/userdb/session.py M cmk/gui/wato/_check_mk_configuration.py M cmk/gui/wato/pages/user_profile/two_factor.py M tests/gui_e2e/test_totp.py M tests/testlib/playwright/pom/login.py Log Message: ----------- 16830 SEC Bruteforce protection for two factor authentication Prior to this werk, Two Factor Authentication failures could not trigger account lockout. All methods' failures will now count towards failed login attempts against a user's account. As a result, an attacker could try to brute-force and therefore bypass user's two factor protections without triggering the lockout mechanism. Change-Id: Ibe893e4885a72a6a1760ee51351a7aa0f427994c To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications