Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: Cu ran the HCL app scan in redhat cloudforms environment and it gave error about the account lockout as follows: Threat Classification: Brute Force Risk: It might be possible to escalate user privileges and gain administrative permissions over the web application Causes: Insecure web application programming or configuration Fix: Enforce account lockout after several failed login attempts Version-Release number of selected component (if applicable): 5.11.3 How reproducible: Everytime at Cu environment Steps to Reproduce: 1. Run HCL app scan on Red Hat CloudForms 2. 3. Actual results: scan shows possible security risk, details are given in attachment Expected results: enforce account lockout after several failed login attempts Additional info: