Description

The system does not have appropriate protection mechanisms against automated attacks designed to guess credentials.

Impact

Obtain the passwords of the application users.

Recommendation

Implement a control to avoid this type of attacks and to ensure that access is not made by a robot. E.g. Captcha, failed attempts blockout, etc.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 300 minutes.

Requirements

Fixes