[ELY-2891] Add Utility that can wrap SecurityRealm to provide brute force back off protection for username / password auth - Red Hat Issue Tracker

Type: Enhancement
Resolution: Unresolved
Priority: Critical
Fix Version/s: 2.7.0.CR1
Affects Version/s: None
Component/s: Realms
Labels:
None

The idea of the utility is that after so many failed authentications the realm should for a period of time act as though all further attempts are invalid regardless of if they are.

If further attempts occur the back off period should increase although with caution that we don't back off until the end of time.

State will be kept in memory so only survive until the next server reload.

It should be possible to tune the back off configuration.

It should also be possible to unlock one or all identities so this utility does not become it's own DoS mechanism.

is depended on by

WFCORE-7192 CVE-2025-23368 WildFly Elytron Brute Force Authentication Attack

Coding In Progress

Assignee:: Darran Lofthouse

Reporter:: Darran Lofthouse

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/03/21 10:03 AM

Updated:: 2025/04/15 11:06 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates