Skip to content

[VULN-18] Brute Force Login Attacks #33

Description

@lyncmi07

Severity: Medium
Affected location: routes/auth.ts:49-69

Issue:
Login endpoint allows unlimited attempts, enabling password guessing attacks.

Mitigation plan:

  1. Add per-IP and per-account login attempt limits.
  2. Add progressive delay or temporary lockout after threshold.
  3. Emit structured security logs for repeated failures.

Verification / tests:

  • Tests for throttling/lockout behavior after repeated failures.
  • Ensure successful login still works after cooldown.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions