View Issue Details

ID: 0005445
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2015-12-01 09:13
Status: assigned
Resolution: open
Platform: all
OS: all
OS Version: all
Product Version: 4.7.8 / 5.0.8
Target Version:
Fixed in Version:
Summary: 0005445: Prevent multiple wrong password guesses by potential attackers
Description: Add captchas after 3 invalid tries - or disable user account.
Or block more than 3 tries from the same ip-address (even on different usernames) to prevent automatic password tools from getting access to the shop.

Tags: No tags attached.
Theme: Not defined
PHP Version: Not defined
Database Version: Not defined


vanilla thunder

2013-09-30 09:32

reporter   ~0009118

In my opinion, blocking failed login tries from the same IP even with different usernames is not that good an idea. I'm never sure which of my email addresses I have used in combination with what password. But indeed, same IP + same username could be blocked after some amount of failed tries.

German "Trusted Shops" requires such a function and it's quite easy to build that.
I'm pretty sure the community would be happy about such a built-in feature, which already meets the requirements of Trusted Shops.


2014-03-28 10:04

reporter   ~0009746

waiting for the PO decision.
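
The policy discussed in this issue, as an added example that is not OXID eShop code: failures are counted per IP + username with the limit of 3 from the description, alongside a looser per-IP counter across usernames. The class name `LoginThrottle`, the per-IP limit of 10, the 15-minute window and the in-memory storage are assumptions; it needs PHP 8.

```php
<?php
declare(strict_types=1);
// Hypothetical helper, not OXID eShop code. State lives in memory for the demo;
// a shop would persist it in the database or a shared cache.
final class LoginThrottle
{
    private array $pairFailures = []; // "ip|user" => failure timestamps
    private array $ipFailures = [];   // ip => failure timestamps

    public function __construct(
        private int $pairLimit = 3,   // from the issue: 3 invalid tries
        private int $ipLimit = 10,    // assumed looser limit across usernames
        private int $window = 900     // assumed 15-minute sliding window
    ) {}

    private static function key(string $ip, string $user): string
    {
        return $ip . '|' . strtolower(trim($user)); // fold case/whitespace variants
    }

    private function recent(array $stamps, int $now): array
    {
        return array_values(array_filter($stamps, fn (int $t): bool => $t > $now - $this->window));
    }

    public function recordFailure(string $ip, string $user, int $now): void
    {
        $this->pairFailures[self::key($ip, $user)][] = $now;
        $this->ipFailures[$ip][] = $now;
    }

    // Returns 'allow', 'captcha' (same IP + same username) or 'block' (IP-wide).
    public function decide(string $ip, string $user, int $now): string
    {
        $pair = $this->recent($this->pairFailures[self::key($ip, $user)] ?? [], $now);
        $all = $this->recent($this->ipFailures[$ip] ?? [], $now);
        if (count($all) >= $this->ipLimit) return 'block';
        return count($pair) >= $this->pairLimit ? 'captcha' : 'allow';
    }
}

// Constructed demo (documentation IP): a customer unsure which address they used.
$t = new LoginThrottle();
foreach (['a@example.com', 'b@example.com', 'c@example.com'] as $u) {
    $t->recordFailure('203.0.113.7', $u, 1000);
}
echo $t->decide('203.0.113.7', 'a@example.com', 1001), "\n"; // one failure on this pair
for ($i = 0; $i < 2; $i++) $t->recordFailure('203.0.113.7', 'a@example.com', 1002);
echo $t->decide('203.0.113.7', 'A@Example.com ', 1003), "\n"; // three on this pair
```

Keeping the per-IP limit above the per-pair limit lets a customer try several of their own addresses without being locked out, while a tool cycling through many usernames from one address still hits the IP-wide block.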