View Issue Details

IDProjectCategoryView StatusLast Update
0009788mantisbtfeaturepublic2010-04-23 23:23
Reporterllattan Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionwon't fix 
PlatformallOSallOS Versionall
Product Version1.1.4 
Summary0009788: captcha on login screen
Description

I would like my mantisbt could be accesible from internet, but I think it could be insecure.

Could you add CAPTCHA in login screen to avoid brute-force attacks ?
(if the user fails the password once or twice)

I hope you can help me.

Regards.
Leandro.

TagsNo tags attached.

Relationships

related to 0009789 acknowledged password policies and lockout for failed login attempts 

Activities

vboctor

vboctor

2008-11-07 17:58

manager   ~0019808

I'm OK with showing it only after a couple of failing attempts.

rolfkleef

rolfkleef

2010-01-27 07:09

reporter   ~0024260

you can use the config variable $g_max_failed_login_count to set an upper limit to protect against brute-force login attempts

there is a "Lost your password" option for users who fail once or twice

so I'm closing this as "won't fix", but if the feature is really desired, reopen it

Issue History

Date Modified Username Field Change
2008-11-07 16:28 llattan New Issue
2008-11-07 17:57 vboctor Relationship added related to 0009789
2008-11-07 17:58 vboctor Note Added: 0019808
2008-11-07 17:58 vboctor Status new => acknowledged
2010-01-27 07:09 rolfkleef Note Added: 0024260
2010-01-27 07:09 rolfkleef Status acknowledged => resolved
2010-01-27 07:09 rolfkleef Resolution open => won't fix
2010-01-27 07:09 rolfkleef Assigned To => rolfkleef
2010-01-27 07:09 rolfkleef Assigned To rolfkleef =>
2010-04-23 23:23 dhx Status resolved => closed