  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-92659

As an Instance Administrator, I want to be able to throttle MFA requests to prevent brute-force attacks on verifiers

    Details

      Description


      We need an API and an implementation that let MFAChecker rate-limit brute-force attacks.

      We are going with instance-level configuration, but we may consider having separate sets of configuration at the system and instance levels later.

      Acceptance Criteria

      1. As an Instance Administrator, I want to configure a Retry Timeout in order not to allow End Users to make another token usage attempt within that time period.
      2. As an Instance Administrator, I do not want to let End Users make another token usage attempt within the configured Retry Timeout period.
      3. As an Instance Administrator, I want to configure the number of allowed failed attempts in order not to allow End Users to make too many token usage attempts without success.
      4. As an Instance Administrator, I do not want to let End Users make more token usage attempts than the configured number of allowed failed attempts.
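
One way to enforce both settings from the acceptance criteria, written as an added example and not taken from Liferay's code base. The class and method names are hypothetical, and it assumes one reading of the criteria: every attempt starts the Retry Timeout, and the failed-attempt limit holds until a success or an administrator clears it.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class for illustration; not Liferay's MFAChecker API. Needs Java 16+ (records).
public class MfaAttemptThrottle {
    public enum Decision { ALLOWED, RETRY_TIMEOUT_ACTIVE, FAILED_ATTEMPTS_EXCEEDED }

    private record State(int attempts, Instant lastAttempt) {}

    private final Duration retryTimeout;      // instance-level "Retry Timeout"
    private final int allowedFailedAttempts;  // instance-level allowed failed attempts
    private final ConcurrentHashMap<Long, State> states = new ConcurrentHashMap<>();

    public MfaAttemptThrottle(Duration retryTimeout, int allowedFailedAttempts) {
        this.retryTimeout = retryTimeout;
        this.allowedFailedAttempts = allowedFailedAttempts;
    }

    // Call before verifying a token. The check and the count happen in one atomic
    // step, so parallel requests for the same user cannot all pass the check first.
    public Decision beginAttempt(long userId, Instant now) {
        Decision[] decision = new Decision[1];
        states.compute(userId, (id, s) -> {
            if (s != null && s.attempts() >= allowedFailedAttempts) {
                decision[0] = Decision.FAILED_ATTEMPTS_EXCEEDED;
                return s;
            }
            if (s != null && now.isBefore(s.lastAttempt().plus(retryTimeout))) {
                decision[0] = Decision.RETRY_TIMEOUT_ACTIVE;
                return s;
            }
            decision[0] = Decision.ALLOWED; // counted as failed until onSuccess()
            return new State(s == null ? 1 : s.attempts() + 1, now);
        });
        return decision[0];
    }

    // A verified token (or an administrator's unlock) clears the user's state.
    public void onSuccess(long userId) { states.remove(userId); }

    public static void main(String[] args) {
        MfaAttemptThrottle throttle = new MfaAttemptThrottle(Duration.ofSeconds(30), 3);
        Instant t0 = Instant.parse("2020-01-01T00:00:00Z"); // constructed timestamps
        for (long offset : new long[] {0, 5, 30, 60, 90}) {
            System.out.println("+" + offset + "s " + throttle.beginAttempt(42L, t0.plusSeconds(offset)));
        }
    }
}
```

The state here lives in one JVM's memory; a clustered deployment would need a shared store for the counters to hold across nodes.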


              People

              Assignee:
              zsigmond.rab Zsigmond Rab
              Reporter:
              tomas.polesovsky Tomáš Polešovský
              Recent user:
              Kiyoshi Lee

                  Packages

                  Version Package
                  7.3.10 DXP GA1
                  Master