Hi Nordy, Throttling does work - https://apereo.github.io/cas/development/authentication/Configuring-Authentication-Throttling-Failure.html
Thank you, Matt On Friday, July 11, 2025 at 12:46:50 PM UTC-4 Nordy Di Marzio wrote: > Hello, > > I am facing the same challenge trying to prevent such problem(brute force > on scratch codes) > > Have you found any solution or alternative to cover the issue ? > > Thank for your help. > Nordy > > Le dimanche 25 décembre 2022 à 04:51:26 UTC+1, Matthew Gordon a écrit : > >> Hello, >> >> How could I prevent brute force of the scratch codes for MFA gauth? >> >> Basically you can sit there rolling through the MFA codes until one hits >> a scratch code, without things failing. Is there some way to cap failed MFA >> logins, or integrate it with throttling? >> >> I tried building cas with Throttling as well ( >> https://apereo.github.io/cas/development/authentication/Configuring-Authentication-Throttling.html), >> >> hoping that would work for MFA, but it just adds an entry per failed MFA >> token, which is a good way to trigger a denial of service, possibly filling >> up, whatever storage you use. >> >> Thank you, >> Matt >> > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8c447b25-06f0-4ea6-a881-2c2e1cd5269en%40apereo.org.
