Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Done
Priority: Critical
Fix Version/s: 31.0.3.Final, 32.0.0.Beta3
Affects Version/s: None
Component/s: Security
Labels:
None

Git Pull Request:
https://github.com/wildfly/wildfly-core/pull/6634, https://github.com/wildfly/wildfly-core/pull/6635

This is recorded as a Feature Request as the solution for this vulnerability is to add an entire new layer of functionality to the application server that did not previously exist.

blocks

WFCORE-7193 [Community] Add configuration to tune the brute force authentication counter measures

Open

depends on

ELY-2891 Add Utility that can wrap SecurityRealm to provide brute force back off protection for username / password auth

Resolved

is blocked by

WFLY-21441 IdentityPropagationTestCase fails once brute force protection is enabled.

Resolved

is cloned by

WFLY-20765 CVE-2025-23368 WildFly Elytron Brute Force Authentication Attack

Pull Request Sent

is related to

WFWIP-699 [WFCORE-7192] Brute Force Authentication Attack: caching-realm:clear-cache operation regression

Open

WFWIP-700 [WFCORE-7192] Brute Force Authentication Attack: jaas-realm creates sessions for non-existing users

Open

WFWIP-687 [WFCORE-7192] Brute Force Authentication Attack: SASL/HTTP inconsistency when attempting valid disabled authentication

Coding In Progress

(2 is related to)

Assignee:: Darran Lofthouse

Reporter:: Darran Lofthouse

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2025/03/21 9:48 AM

Updated:: 2026/02/07 7:53 PM

Resolved:: 2026/02/07 7:53 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates