Exceed No. of Login Attempts then lock user account

Hi CUBA Team,

I’d like to ask if we have a out-of-the-box feature on Exceed No. of Login Attempts then lock user account?

Regards,
CK

Yes, CUBA has the application property cuba.bruteForceProtection.maxLoginAttemptsNumber just match your request and you can find documentation here.

Hi Bryan,

We have tested Brute Force parameters. BruteForceProtection.maxLoginAttemptsNumber = block user login for X seconds Not user locking.

We found out the blocking would be lifted after Application reboot - It seems not database persisted.

Regards,
CK

That’s out-of-the-box solution. If it doesn’t meet your requirement you can override core functionality. please check:Block user after n trials of wrong username and password - #3 от пользователя krivopustov - CUBA.Platform

1 Like