Hello, I am facing the same challenge trying to prevent such a problem (brute force on scratch codes).
Have you found any solution or alternative to cover the issue? Thanks for your help.

Nordy

On Sunday, December 25, 2022 at 04:51:26 UTC+1, Matthew Gordon wrote:
> Hello,
>
> How could I prevent brute force of the scratch codes for MFA gauth?
>
> Basically you can sit there rolling through the MFA codes until one hits a
> scratch code, without things failing. Is there some way to cap failed MFA
> logins, or integrate it with throttling?
>
> I tried building CAS with Throttling as well (
> https://apereo.github.io/cas/development/authentication/Configuring-Authentication-Throttling.html),
> hoping that would work for MFA, but it just adds an entry per failed MFA
> token, which is a good way to trigger a denial of service, possibly filling
> up whatever storage you use.
>
> Thank you,
> Matt
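One way to get both properties asked about in this thread, a cap on failed MFA submissions and storage that does not grow with every failed token, shown as an added example that is not part of the original messages and is not CAS code. The class `MfaAttemptLimiter`, the `verify` callback and all thresholds are hypothetical.

```python
import time
from collections import OrderedDict

class MfaAttemptLimiter:
    """Caps failed second-factor submissions per account. TOTP codes and
    scratch codes share one counter, and each account costs one fixed-size
    record rather than one stored entry per failed token."""

    def __init__(self, max_failures=5, window=300, lockout=900,
                 max_accounts=10000, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.max_accounts, self.clock = max_accounts, clock
        self._state = OrderedDict()  # account -> [failures, window_start, locked_until]

    def is_locked(self, account):
        rec = self._state.get(account)
        return rec is not None and self.clock() < rec[2]

    def record_failure(self, account):
        now = self.clock()
        rec = self._state.get(account)
        # Start a fresh window if none exists, the old one aged out,
        # or a previous lockout has already expired.
        if rec is None or now - rec[1] > self.window or 0 < rec[2] <= now:
            rec = [0, now, 0.0]
        rec[0] += 1
        if rec[0] >= self.max_failures:
            rec[2] = now + self.lockout
        self._state[account] = rec
        self._state.move_to_end(account)
        # Hard bound on storage: evict the least recently failing account.
        while len(self._state) > self.max_accounts:
            self._state.popitem(last=False)

    def check(self, account, submitted, verify):
        """Returns 'locked', 'ok' or 'denied'. A locked account is refused
        before verify() runs, so even a correct scratch code is not tested."""
        if self.is_locked(account):
            return "locked"
        if verify(account, submitted):
            self._state.pop(account, None)  # success clears the counter
            return "ok"
        self.record_failure(account)
        return "denied"
```

Eviction discards lock state along with the counter, so `max_accounts` should sit above the number of accounts that can realistically be at the MFA step at once.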
