The vulnerability scan test detected that, in the event of a brute force attack, Service Desk Manager does not lock out the user(s): it was identified that N login requests can be made, which allows an unlimited number of password guesses against a user account. We need to know whether the SDM application has any brute force protection, such as a limit on failed login attempts per user or IP blocking. Is there a way to eliminate this vulnerability?
Release: 17.3+
A security expert ran a vulnerability scan test and found that user accounts were never locked out after repeated failed logins.
Under normal operation, by the time users reach the SDM application, authentication should already have been performed either through Integrated EEM or through an external authentication service (AD) integrated with EEM, and the authenticated user ID is mapped to the SDM contact that is configured with an Access Type. With Active Directory, you can apply password policies, e.g., account lockout thresholds and periodic password changes. If robust authentication and authorization is a requirement, you can adopt Single Sign-On, SAML, SSL, etc. Please review the External Authentication section of the linked techdocs (see the Additional Information section).
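The control the scan found missing is a failed-attempt lockout, which in the deployment described above is expected to be enforced by the external authentication layer (AD via EEM) rather than by SDM itself. The following added example, which is not SDM, EEM or Broadcom code, models that lockout with the three parameters an AD account lockout policy exposes (threshold, observation window, lockout duration) and replays a constructed attempt sequence against it. The user name, password and timestamps are constructed sample data; `threshold=0` reproduces the "never locks out" behaviour the scanner reported, and the default policy shows the hardened behaviour.

```python
"""Account lockout policy model (added example, not SDM/EEM code).

threshold          - failed attempts before lockout (0 = never lock, the
                     behaviour the vulnerability scan reported)
observation_window - seconds after which the failure counter resets
lockout_duration   - seconds the account stays locked
Timestamps are plain floats (seconds) so the example runs offline.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class LockoutPolicy:
    threshold: int = 5
    observation_window: float = 600.0
    lockout_duration: float = 900.0


@dataclass
class AccountState:
    failures: int = 0
    first_failure_at: Optional[float] = None
    locked_until: Optional[float] = None


class Authenticator:
    """Checks lockout state *before* verifying the password, so a locked
    account answers "locked" whether or not the supplied password is right."""

    def __init__(self, policy: LockoutPolicy, credentials: Dict[str, str]):
        self.policy = policy
        self._credentials = credentials  # constructed sample credential store
        self._state: Dict[str, AccountState] = {}

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state.get(user)
        return (st is not None and st.locked_until is not None
                and now < st.locked_until)

    def login(self, user: str, password: str, now: float) -> str:
        st = self._state.setdefault(user, AccountState())
        if self.is_locked(user, now):
            return "locked"
        # Lockout has expired: the counter starts fresh, as in AD.
        if st.locked_until is not None:
            st.failures, st.first_failure_at, st.locked_until = 0, None, None
        # Observation window elapsed since the first failure: reset counter.
        if (st.first_failure_at is not None
                and now - st.first_failure_at > self.policy.observation_window):
            st.failures, st.first_failure_at = 0, None
        if self._credentials.get(user) == password:
            st.failures, st.first_failure_at = 0, None
            return "ok"
        st.failures += 1
        if st.first_failure_at is None:
            st.first_failure_at = now
        if self.policy.threshold and st.failures >= self.policy.threshold:
            st.locked_until = now + self.policy.lockout_duration
            return "locked"
        return "failed"


# Constructed sample: the scanner's pattern, repeated attempts on one account.
SAMPLE_ATTEMPTS: List[Tuple[str, str, float]] = [
    ("alice", "wrong1", 0.0),
    ("alice", "wrong2", 1.0),
    ("alice", "wrong3", 2.0),
    ("alice", "wrong4", 3.0),
    ("alice", "wrong5", 4.0),
    ("alice", "s3cret!", 5.0),     # correct password, but account is locked
    ("alice", "s3cret!", 1000.0),  # lockout (900 s) has expired by now
]


def run_sample(policy: LockoutPolicy = LockoutPolicy()) -> List[str]:
    """Replay SAMPLE_ATTEMPTS and return the outcome of each attempt."""
    auth = Authenticator(policy, {"alice": "s3cret!"})
    return [auth.login(user, pw, ts) for user, pw, ts in SAMPLE_ATTEMPTS]


if __name__ == "__main__":
    print("lockout enforced:", run_sample())
    print("no lockout     :", run_sample(LockoutPolicy(threshold=0)))
```

With the default policy the fifth failure locks the account and the correct password at t=5 s is rejected, which is exactly the response the scan should have observed; with `threshold=0` every guess is accepted for evaluation, which is the finding reported above. When SDM sits behind AD through EEM, the equivalent settings live in the domain's account lockout policy, and confirming they are non-zero (and that the SDM login path actually goes through that layer) is the check that closes the finding.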