From c1bbf0d0b6522f47572c38e25c4e23b184665c46 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 17 Oct 2015 13:37:11 +0200
Subject: [PATCH] After failed login wait a second to slow down brute-force
 attacks (#1490549)

---
 program/include/rcmail.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index b2ab79ab8c7..81a1c817cd6 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -596,6 +596,8 @@ function login($username, $pass, $host = null, $cookiecheck = false)
 
         // try to log in
         if (!$storage->connect($host, $username, $pass, $port, $ssl)) {
+            // Wait a second to slow down brute-force attacks (#1490549)
+            sleep(1);
             return false;
         }