Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: edfe1d4c852a893334a80fad3618f646fbcf78a0
https://github.com/Checkmk/checkmk/commit/edfe1d4c852a893334a80fad3618f646f…
Author: Zoey Hilton <zoey.hilton(a)checkmk.com>
Date: 2024-06-07 (Fri, 07 Jun 2024)
Changed paths:
A .werks/16830.md
M cmk/gui/userdb/session.py
M cmk/gui/wato/_check_mk_configuration.py
M cmk/gui/wato/pages/user_profile/two_factor.py
M tests/gui_e2e/test_totp.py
M tests/testlib/playwright/pom/login.py
Log Message:
-----------
16830 SEC Bruteforce protection for two factor authentication
Prior to this werk, Two Factor Authentication failures could not trigger account lockout.
All methods' failures will now count towards failed login attempts against a
user's account.
As a result, an attacker could try to brute-force and therefore bypass a user's
two-factor protections without triggering the lockout mechanism.
Change-Id: Ibe893e4885a72a6a1760ee51351a7aa0f427994c
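
The behaviour the log message describes, as an added sketch that is not Checkmk's code and is not taken from this commit: a single failed-attempt counter that second-factor failures either skip (before the werk) or feed (after it). The class, function names, threshold of 10 and sample codes are all assumptions made for illustration.

```python
# Added sketch, not Checkmk code: every name and the threshold are assumptions.
import hmac
from dataclasses import dataclass, field


@dataclass
class LoginGuard:
    lock_threshold: int = 10           # assumed lockout policy value
    count_second_factor: bool = True   # False models behaviour before the werk
    failed: dict = field(default_factory=dict)

    def locked(self, user: str) -> bool:
        return self.failed.get(user, 0) >= self.lock_threshold

    def password_failed(self, user: str) -> None:
        self.failed[user] = self.failed.get(user, 0) + 1

    def second_factor(self, user: str, submitted: str, expected: str) -> str:
        if self.locked(user):
            return "locked"            # refuse before comparing anything
        if hmac.compare_digest(submitted, expected):
            self.failed[user] = 0      # a completed login resets the counter
            return "accepted"
        if self.count_second_factor:   # the fix: this failure counts too
            self.failed[user] = self.failed.get(user, 0) + 1
        return "rejected"


def guesses_evaluated(guard, user, expected, guesses) -> int:
    """Return how many submitted codes were compared before lockout hit."""
    evaluated = 0
    for guess in guesses:
        if guard.second_factor(user, guess, expected) == "locked":
            break
        evaluated += 1
    return evaluated


CONSTRUCTED_CODE = "424242"                        # constructed sample value
WRONG_CODES = [f"{n:06d}" for n in range(1000)]    # constructed, all incorrect

if __name__ == "__main__":
    for label, flag in (("before", False), ("after", True)):
        guard = LoginGuard(count_second_factor=flag)
        n = guesses_evaluated(guard, "alice", CONSTRUCTED_CODE, WRONG_CODES)
        print(f"{label}: {n} codes compared, locked={guard.locked('alice')}")
```

With the flag off every wrong code is compared and the account never locks; with it on, comparison stops once the shared counter reaches the threshold, including when earlier password failures already used part of the budget.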