Issue E. Parallel Requests Bypass Exponentially Increasing Login Delay #825
Synopsis: GlobaLeaks implements an exponentially-increasing delay when a login fails. An attacker can get around this by sending requests in parallel.
Impact: An attacker can perform online login guessing attacks faster than expected.
Attack Resources: To perform this attack, the attacker must be able to establish multiple connections to
Feasibility: This issue can be exploited by simply making requests in parallel rather than in series.
To be managed as part of Flood Resiliency Project https://github.com/globaleaks/globaleaks/issues?labels=Flood-Resiliency-Protection&milestone=&page=1&state=open
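
An added illustration of the finding above, not GlobaLeaks code and not part of the original issue. It is a simplified model in virtual time that assumes the delay is applied to each failed request's response, shown beside a per-account gate that refuses any guess arriving before a stored deadline. All class and function names are hypothetical.

```python
import threading

class DelayAfterFailure:
    """Weak model (assumed): every failed request is answered 2**failures
    seconds late, but the password is checked on arrival, so the delays of
    requests that are in flight together overlap."""
    def __init__(self):
        self.failures = 0

    def attempt(self, now, password_ok):
        """Return (password_was_evaluated, time_the_response_is_sent)."""
        if password_ok:
            self.failures = 0
            return True, now
        self.failures += 1
        return True, now + 2 ** self.failures

class NotBeforeGate:
    """Hardened model: per-account state holds the earliest time the next
    guess may be evaluated; earlier requests are refused unchecked."""
    def __init__(self):
        self.failures = 0
        self.not_before = 0.0
        self.lock = threading.Lock()  # check-and-update must be one atomic step

    def attempt(self, now, password_ok):
        with self.lock:
            if now < self.not_before:
                return False, now     # refused: the password is never compared
            if password_ok:
                self.failures = 0
                return True, now
            self.failures += 1
            self.not_before = now + 2 ** self.failures
            return True, now

def evaluated(throttle, arrivals):
    """Number of wrong guesses the server actually checked."""
    return sum(throttle.attempt(t, False)[0] for t in arrivals)

def serial_arrivals(n):
    """Arrival times of a client that waits out each delay: 0, 2, 6, 14, ..."""
    times, t = [], 0
    for k in range(1, n + 1):
        times.append(t)
        t += 2 ** k
    return times

if __name__ == "__main__":
    burst = [0.0] * 10  # constructed input: ten requests arriving together
    print(evaluated(DelayAfterFailure(), burst), evaluated(NotBeforeGate(), burst))
```

With the gate, a burst costs the client one evaluated guess, the same as a serial client gets in that instant, while a client that respects the delays is still served.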