http://bugzilla.novell.com/show_bug.cgi?id=550377

           Summary: Add delay after login to prevent brutal force attack
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Factory
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: WebYaST
        AssignedTo: kkaempf@novell.com
        ReportedBy: jreidinger@novell.com
         QAContact: qa@suse.de
            Blocks: 514382
          Found By: ---

brute force/dictionary attack (risk: medium, CWE-307):

The login script does not protect against remote password guessing attacks.
This can be used to guess the password of the root account. The same works
with HTTP Basic Authentication.

Solution: Add an increasing delay (maybe already in unix2_chkpwd but not in
rpam) after every unsuccessful login as well as close the connection after n
incorrect logins. Report this attack attempt in the logs.
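
The mitigation proposed in the report (an increasing delay per failed login, dropping the connection after n failures, and logging each attempt), sketched as an added Ruby example. It is not WebYaST or rpam code; the class name `LoginThrottle`, its parameters and its default values are assumptions.

```ruby
require 'logger'

# Hypothetical helper (not WebYaST code): counts failed logins per
# (account, client address) pair inside a sliding time window.
class LoginThrottle
  Decision = Struct.new(:delay, :close_connection)

  def initialize(base_delay: 1.0, max_delay: 60.0, max_failures: 5, window: 900,
                 logger: Logger.new($stderr), clock: -> { Time.now.to_f })
    @base_delay, @max_delay = base_delay, max_delay
    @max_failures, @window = max_failures, window
    @logger, @clock = logger, clock
    @failures = Hash.new { |h, k| h[k] = [] } # key => failure timestamps
  end

  # Record a failed attempt. Returns how long the caller should stall the
  # response and whether it should drop the connection afterwards.
  def record_failure(user, remote_ip)
    key = [user, remote_ip]
    now = @clock.call
    recent = @failures[key].select { |t| now - t < @window } << now
    @failures[key] = recent
    count = recent.size
    # Delay doubles with each failure in the window, capped at max_delay.
    delay = [@base_delay * (2**(count - 1)), @max_delay].min
    close = count >= @max_failures
    # user.inspect escapes control characters so a crafted user name
    # cannot forge extra log lines.
    @logger.warn("failed login user=#{user.inspect} ip=#{remote_ip} " \
                 "count=#{count} delay=#{delay}s#{close ? ' closing connection' : ''}")
    Decision.new(delay, close)
  end

  # A successful login clears the counter for that pair.
  def record_success(user, remote_ip)
    @failures.delete([user, remote_ip])
  end
end
```

The caller applies the returned delay before answering (for both the login form and HTTP Basic Authentication) and closes the connection when `close_connection` is true.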