Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-20110

Add configurable delay for failed authentication

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.1.7
    • Fix Version/s: 3.0.7, 3.1.9
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Completed:
    • Sprint:
      Security 8 08/28/15, Security 9 (09/18/15), Security A 10/09/15

      Description

      Add a new server parameter --authFailedDelayMs to offer a basic protection against brute force password guessing attacks.

      The parameter should be configurable at startup and runtime and apply to at least MONGODB-CR, PLAIN and SCRAM-SHA-1.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: