[SERVER-20110] Add configurable delay for failed authentication Created: 25/Aug/15  Updated: 28/Sep/16  Resolved: 01/Oct/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.1.7
Fix Version/s: 3.0.7, 3.1.9

Type: New Feature Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
is documented by DOCS-8962 Add configurable delay for failed aut... Closed
Backwards Compatibility: Fully Compatible
Backport Completed:
Sprint: Security 8 08/28/15, Security 9 (09/18/15), Security A 10/09/15
Participants:

 Description   

Add a new server parameter --authFailedDelayMs to offer a basic protection against brute force password guessing attacks.

The parameter should be configurable at startup and runtime and apply to at least MONGODB-CR, PLAIN and SCRAM-SHA-1.



 Comments   
Comment by Githook User [ 13/Oct/15 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-20110 Add configurable delay for failed authentication
Branch: artree
https://github.com/10gen/mongo-enterprise-modules/commit/1ef2ed01dc417b98d6088961cc79d9893a8d99c4

Comment by Githook User [ 01/Oct/15 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-20110 Add configurable delay for failed authentication
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/1ef2ed01dc417b98d6088961cc79d9893a8d99c4

Comment by Githook User [ 01/Oct/15 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-20110 Add configurable delay for failed authentication
Branch: master
https://github.com/mongodb/mongo/commit/16f788f2e7a34690939ab4adfea146d81d935b9a

Comment by Githook User [ 09/Sep/15 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-20110 Add authFailedDelayMs parameter test
Branch: v3.0
https://github.com/10gen/mongo-enterprise-modules/commit/1a2a7c9fa524a88179aee8bde8c9f7866c10d82f

Comment by Githook User [ 08/Sep/15 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-20110 Add configurable delay for failed authentication
Branch: v3.0
https://github.com/10gen/mongo-enterprise-modules/commit/6f11d341544d4f08e73eaac0021db14f7ba51f53

Comment by Githook User [ 08/Sep/15 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-20110 Add configurable delay for failed authentication
Branch: v3.0
https://github.com/mongodb/mongo/commit/a72e495984bc778ec5941d990fc9420948e0e35a

Generated at Thu Feb 08 03:53:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.