Hello,

I am facing the same challenge trying to prevent such a problem (brute force 
on scratch codes).

Have you found any solution or alternative to cover the issue?

Thanks for your help.
Nordy

On Sunday, December 25, 2022 at 04:51:26 UTC+1, Matthew Gordon wrote:

> Hello,
>
> How could I prevent brute force of the scratch codes for MFA gauth?
>
> Basically you can sit there rolling through the MFA codes until one hits a 
> scratch code, without things failing. Is there some way to cap failed MFA 
> logins, or integrate it with throttling?
>
> I tried building CAS with Throttling as well
> (https://apereo.github.io/cas/development/authentication/Configuring-Authentication-Throttling.html),
> hoping that would work for MFA, but it just adds an entry per failed MFA 
> token, which is a good way to trigger a denial of service, possibly filling 
> up whatever storage you use.
>
> Thank you,
> Matt
>
