[tor-bugs] #23120 [Internal Services/Service - trac]: Make it harder to brute-force Trac user passwords

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 5 20:44:07 UTC 2017


#23120: Make it harder to brute-force Trac user passwords
--------------------------------------------------+-----------------
     Reporter:  gk                                |      Owner:  qbi
         Type:  defect                            |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Internal Services/Service - trac  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+-----------------
 Currently we don't have any measures in place to stop brute-forcing
 passwords of Trac accounts. I know, we are all using secure passwords, but
 still we could do better here and set up an upper limit password retries.

 That got reported via HackerOne by S.M.Usman (muhammad_usman)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23120>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list