[ZBX-8636] Users "attempt_failed" counter doesn't increase after unsuccessful login Created: 2014 Aug 20 Updated: 2017 May 30 Resolved: 2014 Aug 20 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | API (A) |
| Affects Version/s: | 2.3.3 |
| Fix Version/s: | 2.3.4 |
| Type: | Incident report | Priority: | Blocker |
| Reporter: | Alexander Vladishev | Assignee: | Unassigned |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | login, vulnerability | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
The message about the disabled account (Account is blocked for n seconds) doesn't appear any more after several attempts to login with the bad password. |
| Comments |
| Comment by Alexander Vladishev [ 2014 Aug 20 ] |
|
Broken in |
| Comment by Krists Krigers (Inactive) [ 2014 Aug 20 ] |
|
Fixed and committed r48253, branch svn://svn.zabbix.com/branches/dev/ZBX-8636. |
| Comment by Alexander Vladishev [ 2014 Aug 23 ] |
|
PostgreSQL log for easier searching: 2014-08-22 23:59:17 EEST ERROR: syntax error at or near ")" at character 36 2014-08-22 23:59:17 EEST STATEMENT: UPDATE users SET attempt_failed='6'), attempt_clock=1408741157, attempt_ip='127.0.0.1' WHERE userid='1' |
| Comment by Krists Krigers (Inactive) [ 2014 Aug 26 ] |
|
Fixed and merged to 2.3.4 (trunk) in r48405. |