[SECURITY] Insufficient Anti-Automation – Brute Force Attack #991
About audited Directus version.
Insufficient Anti-automation occurs when a web application permits an attacker to automate a process that was originally designed to be performed only in a manual fashion, i.e. by a human web user.
Once exploited, attackers can use an automatic tool or a simple script that performs brute-force authentication attempts, and possibly cause a legitimate user lockout.
The login mechanism of the application does not prevent brute-force attacks on login attempts or on the change password function.
What problem does this feature solve?
Fixes security hole.
How do you think this should be implemented?
Would you be willing to work on this?
Maybe, with help/guidance from Directus team.
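One way to close the gap the report describes, as an added example that is not Directus code and not the reporter's: a throttle that counts failed attempts per account and per source IP in a sliding window and, once a threshold is passed, enforces an exponentially growing but capped delay instead of a hard lock. The cap and the reset-on-success are what keep an attacker from using the control itself to lock a legitimate user out; the per-IP counter catches password spraying across many accounts. The `Map` store, the `verify` callback, the account names and the IP addresses are all assumptions constructed for the demo; in a real deployment the counters would live in a shared store such as Redis and the same `attempt` wrapper would front both the login and the change-password endpoints.

```javascript
// Added example (not Directus code): brute-force throttling for
// credential checks. The in-memory Map stands in for a shared store.

const WINDOW_MS = 15 * 60 * 1000;    // failures older than this are forgotten
const ACCOUNT_THRESHOLD = 5;         // free failures per account inside the window
const IP_THRESHOLD = 50;             // free failures per source IP (password spraying)
const BASE_DELAY_MS = 1000;          // first enforced delay once a threshold is hit
const MAX_DELAY_MS = 15 * 60 * 1000; // cap: a flooded account is never locked forever

class BruteForceThrottle {
  // `now` is injectable so the behaviour can be exercised without sleeping
  constructor(now = () => Date.now()) {
    this.now = now;
    this.failures = new Map(); // key -> timestamps of recent failures
  }

  // Drop failures outside the sliding window and return the kept list
  // (the returned array is the stored one, so callers may push onto it)
  recent(key) {
    const cutoff = this.now() - WINDOW_MS;
    const kept = (this.failures.get(key) || []).filter((t) => t > cutoff);
    this.failures.set(key, kept);
    return kept;
  }

  // Exponential backoff: 1s, 2s, 4s, ... after the threshold, capped at MAX_DELAY_MS
  requiredDelay(count, threshold) {
    if (count < threshold) return 0;
    return Math.min(MAX_DELAY_MS, BASE_DELAY_MS * 2 ** (count - threshold));
  }

  // Decide whether an attempt against `account` from `ip` may proceed now.
  // Returns { allowed, retryAfterMs }; the longer of the two backoffs wins.
  check(account, ip) {
    const acct = this.recent(`acct:${account.toLowerCase()}`);
    const src = this.recent(`ip:${ip}`);
    let retryAfterMs = 0;
    for (const [list, threshold] of [[acct, ACCOUNT_THRESHOLD], [src, IP_THRESHOLD]]) {
      if (list.length === 0) continue;
      const delay = this.requiredDelay(list.length, threshold);
      const elapsed = this.now() - list[list.length - 1];
      retryAfterMs = Math.max(retryAfterMs, delay - elapsed);
    }
    return { allowed: retryAfterMs <= 0, retryAfterMs: Math.max(0, retryAfterMs) };
  }

  recordFailure(account, ip) {
    const t = this.now();
    this.recent(`acct:${account.toLowerCase()}`).push(t);
    this.recent(`ip:${ip}`).push(t);
  }

  // A correct secret clears the account's backoff. The IP counter is kept on
  // purpose: a sprayer must not be able to reset it by logging into an
  // account they already control.
  recordSuccess(account) {
    this.failures.delete(`acct:${account.toLowerCase()}`);
  }
}

// Front a credential check (login or password change) with the throttle.
// `verify(account, secret)` is a stand-in for the real password comparison.
// The 401 and 429 responses carry no hint of whether the account exists.
function attempt(throttle, verify, account, ip, secret) {
  const gate = throttle.check(account, ip);
  if (!gate.allowed) {
    return { status: 429, retryAfterMs: gate.retryAfterMs }; // send as Retry-After
  }
  if (verify(account, secret)) {
    throttle.recordSuccess(account);
    return { status: 200 };
  }
  throttle.recordFailure(account, ip);
  return { status: 401 };
}

// Constructed demo: seven wrong guesses against one account, 100 ms apart.
// The first five fail normally; from the sixth on the throttle answers 429
// because the account now owes a 1 s delay since its last failure.
function demo() {
  let clock = 1_000_000;
  const throttle = new BruteForceThrottle(() => clock);
  const verify = (acct, pw) => acct === 'admin' && pw === 'correct horse';
  const results = [];
  for (let i = 0; i < 7; i++) {
    results.push(attempt(throttle, verify, 'admin', '203.0.113.9', `guess${i}`).status);
    clock += 100;
  }
  return results; // [401, 401, 401, 401, 401, 429, 429]
}
```

Two design points worth keeping when porting this: key the account counter on a normalised identifier (lower-cased here) so an attacker cannot dodge it with `Admin` and `ADMIN`, and keep the IP counter from being cleared by a success, otherwise a sprayer resets it with one account they already own.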