Closed Bug 977027 Opened 11 years ago Closed 11 years ago

possibility of brute-force

Categories

(Invalid Bugs :: General, defect)

Product:
Invalid Bugs
Component:
General
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: zikozix90, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31 Steps to reproduce: gave to attacker the possibility of brute-force emails account unlimited times Actual results: The attcker can keep trying until he find the right passwords Expected results: after 3 or 5 wrong passwords the server request captcha or phone confirmation or any other validation methods to make thats the real email owner
Please do not play in bugzilla.mozilla.org. It is a production bug tracking system used by the mozilla community to support development of Firefox and other projects used by hundreds of millions of people. You add noise and annoyance playing here. If you want to learn how to use bugzilla, please use our testing environment on landfill.bugzilla.org.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Component: Security → General
Product: Thunderbird → Invalid Bugs
Version: 17 → unspecified
You need to log in before you can comment on or make changes to this bug.