Loading...

XML

Word

Printable

JSON

Type: New Feature
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.0.7, 3.1.9
Affects Version/s: 3.1.7
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Backport Completed:

3.0.7
Sprint:
Security 8 08/28/15, Security 9 (09/18/15), Security A 10/09/15
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Add a new server parameter --authFailedDelayMs to offer a basic protection against brute force password guessing attacks.

The parameter should be configurable at startup and runtime and apply to at least MONGODB-CR, PLAIN and SCRAM-SHA-1.

Assignee:: Andreas Nilsson (Inactive)
Reporter:: Andreas Nilsson (Inactive)
Participants:: Andreas Nilsson, Githook User
Votes:: 0 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: Aug 25 2015 04:51:41 PM UTC
Updated:: Sep 28 2016 06:32:48 PM UTC
Resolved:: Oct 01 2015 07:39:21 PM UTC