Portainer wrong password input timeout should be added. #11494
myagizmaktav
started this conversation in
Ideas
Is your feature request related to a problem? Please describe
I have access to Portainer in the public domain. However, I've noticed that when I enter multiple incorrect passwords simultaneously, it doesn't trigger a timeout. This means I could potentially script an attack to repeatedly attempt to break the password without any barrier.
Describe the solution you'd like
I would like the Portainer interface to implement a timeout mechanism that activates after a certain number of consecutive incorrect password attempts. This would prevent malicious actors from scripting brute-force attacks to break into the system. Additionally, it would enhance security by adding an extra layer of protection against unauthorized access.
Describe alternatives you've considered
An alternative solution could involve implementing rate limiting for password attempts within Portainer. This approach would limit the number of login attempts a user can make within a specific timeframe, reducing the effectiveness of brute-force attacks while still allowing legitimate users to access the system. Additionally, integrating multi-factor authentication (MFA) could provide an extra layer of security by requiring users to verify their identity through an additional method, such as a one-time code sent to their mobile device. This would further mitigate the risk of unauthorized access even if an attacker manages to obtain or guess the correct password.
Additional context
No response
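The lockout requested above, as an added Go example that is not Portainer's code and not part of the original post. `LoginLimiter`, `Begin`, `Success`, the key format and the thresholds are all assumptions; each attempt is counted before the password is verified, so attempts sent in parallel are bounded as well.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// LoginLimiter (hypothetical) locks a key, assumed to be username + "|" + client IP.
type LoginLimiter struct {
	mu          sync.Mutex
	maxFails    int           // unsuccessful attempts that trigger a lockout
	lockout     time.Duration // how long the key stays locked
	failures    map[string]int
	lockedUntil map[string]time.Time
}

func NewLoginLimiter(maxFails int, lockout time.Duration) *LoginLimiter {
	return &LoginLimiter{maxFails: maxFails, lockout: lockout, failures: map[string]int{}, lockedUntil: map[string]time.Time{}}
}

// Begin runs before the password check and counts the attempt under the lock.
// It returns false and the remaining wait while the key is locked.
func (l *LoginLimiter) Begin(key string, now time.Time) (bool, time.Duration) {
	l.mu.Lock()
	defer l.mu.Unlock()
	if until := l.lockedUntil[key]; now.Before(until) {
		return false, until.Sub(now) // caller rejects without checking the password
	}
	if l.failures[key]++; l.failures[key] >= l.maxFails {
		// This attempt is still verified; every later one waits out the lockout.
		l.failures[key], l.lockedUntil[key] = 0, now.Add(l.lockout)
	}
	return true, 0
}

// Success runs after a correct password, so only consecutive failures accumulate.
func (l *LoginLimiter) Success(key string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	delete(l.failures, key)
	delete(l.lockedUntil, key)
}

func main() { // constructed sample: four attempts for one key at the same instant
	l, now := NewLoginLimiter(3, 5*time.Minute), time.Now()
	for i := 0; i < 4; i++ {
		fmt.Println(l.Begin("admin|203.0.113.7", now))
	}
}
```

State for keys that never log in successfully is kept indefinitely here; a long-running service would also evict expired entries.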