Closed
Description
openedon Apr 15, 2024
Steps to reproduce
- Set password attempts limit to N
- Try to log in with incorrect credentials throughout the uncertain timeframe (week, month)
- Reach N attempts
Expected behaviour
App should block user after several consequent incorrect attempts within short time interval (like brute-force attack)
- 3 attempts in a row;
- 10 attempts within one hour;
- other options, considering amount + time interval between first-last attempt
Actual behaviour
Regardless when user will reach the limit (month, year), account will be blocked
Nextcloud version: 27.1.7
App version: 1.17.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment