Paths and Information
strapi-related
wtdsoul
2024. 3. 21. 14:20
https://github.com/strapi/strapi/issues/9470
Prevent brute force attack on admin login · Issue #9470 · strapi/strapi
Strapi version: 3.4.6. It's possible to do a brute force attack on the Strapi admin login. Currently, there is no way of rate limiting login in Strapi.
Types of attacks possible:
CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC-112: Brute Force
CVSS 7.5
Path: /documentation/login
Path: /admin/auth/login
How to fix this issue? A captcha should show up after a few failed login attempts.