A vulnerability scan found that Service Desk Manager does not lock out users during a brute-force attack: N login requests can be made, which lets an attacker keep trying until a user's password is found.
Is there a way to eliminate this vulnerability?
Release: 17.3+
Under normal operation, by the time users reach the SDM application, authentication should already have been performed, either through integrated EEM or through an external authentication service (i.e. AD integrated with EEM), and the authenticated user ID is mapped to the SDM contact that is configured with an Access Type.
When using Active Directory, you can apply password policies.
If robust authentication and authorization are a requirement, you can adopt Single Sign-On, SAML, SSL, etc.
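For the Active Directory password policies mentioned above, the following PowerShell is an added example (not part of the original article or the product documentation) that audits the domain's account lockout settings and stages a lockout policy. It assumes EEM delegates authentication to AD and that the ActiveDirectory RSAT module is installed; the threshold and time values are illustrative assumptions.

```powershell
# Added example: audit and stage an AD account lockout policy.
# Assumed values: 5 failed attempts, 15-minute window, 15-minute lockout.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot

# A LockoutThreshold of 0 means accounts are never locked out,
# which is the condition the vulnerability scan reported.
if ($policy.LockoutThreshold -eq 0) {
    Write-Warning "No lockout threshold is set in the default policy of $($domain.DNSRoot)."
}
$policy | Format-List LockoutThreshold, LockoutDuration, LockoutObservationWindow

# Fine-grained policies override the default policy for the users and
# groups they apply to, so review them as well (lowest Precedence wins).
Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    Select-Object Name, Precedence, LockoutThreshold, LockoutDuration, LockoutObservationWindow |
    Format-Table -AutoSize

# Stage the change. LockoutDuration must be greater than or equal to
# LockoutObservationWindow. Remove -WhatIf to apply it.
Set-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15) `
    -LockoutDuration (New-TimeSpan -Minutes 15) `
    -WhatIf
```

The lockout is enforced by Active Directory itself, so it only protects SDM logins that are actually authenticated against AD.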