[ZBX-8636] Users "attempt_failed" counter doesn't increase after unsuccessful login Created: 2014 Aug 20 Updated: 2017 May 30 Resolved: 2014 Aug 20 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | API (A) |
Affects Version/s: | 2.3.3 |
Fix Version/s: | 2.3.4 |
Type: | Incident report | Priority: | Blocker |
Reporter: | Alexander Vladishev | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | login, vulnerability | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The message about the disabled account (Account is blocked for n seconds) doesn't appear any more after several attempts to login with the bad password. |
Comments |
Comment by Alexander Vladishev [ 2014 Aug 20 ] |
Broken in |
Comment by Krists Krigers (Inactive) [ 2014 Aug 20 ] |
Fixed and committed r48253, branch svn://svn.zabbix.com/branches/dev/ZBX-8636. |
Comment by Alexander Vladishev [ 2014 Aug 23 ] |
PostgreSQL log for easier searching: 2014-08-22 23:59:17 EEST ERROR: syntax error at or near ")" at character 36 2014-08-22 23:59:17 EEST STATEMENT: UPDATE users SET attempt_failed='6'), attempt_clock=1408741157, attempt_ip='127.0.0.1' WHERE userid='1' |
Comment by Krists Krigers (Inactive) [ 2014 Aug 26 ] |
Fixed and merged to 2.3.4 (trunk) in r48405. |