Account lockout
Description
It is possible to cause account lockouts, effectively blocking users from accessing the system.
Impact
Avoid the access of valid users to the application.
Recommendation
Avoid blocking users accounts as a mechanism of protection, make it more restrictive or control it to prevent an exploitation by attackers.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 30 minutes.
Requirements
226 - Avoid account lockoutsScore
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
N
Availability (VA)
L
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N