[tor-bugs] #23120 [Internal Services/Service - trac]: Make it harder to brute-force Trac user passwords
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Aug 5 20:44:07 UTC 2017
#23120: Make it harder to brute-force Trac user passwords
--------------------------------------------------+-----------------
Reporter: gk | Owner: qbi
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Service - trac | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+-----------------
Currently we don't have any measures in place to stop brute-forcing
passwords of Trac accounts. I know, we are all using secure passwords, but
still we could do better here and set up an upper limit password retries.
That got reported via HackerOne by S.M.Usman (muhammad_usman)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23120>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list