Brute force attack login prevention in Service Desk

Article ID: 272339

Products

CA Service Management - Service Desk Manager

Issue/Introduction

A vulnerability scan reported that Service Desk Manager does not lock out user accounts under a brute force attack: it was identified that N login requests can be made, which allows an attacker to keep guessing a user's password as many times as necessary to get in.

Is there a way to eliminate this vulnerability?

Environment

Release: 17.3+

Resolution

Under normal operation, by the time users reach the SDM application, authentication should already have been performed, either through integrated EEM or through an external authentication service (for example, AD integrated with EEM), and the authenticated user ID is mapped to the SDM contact that is configured with the appropriate Access Type.

When using Active Directory, you can apply password policies.
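As an added example that is not part of this article or of the SDM product documentation, the following PowerShell (run from a host with the ActiveDirectory RSAT module and domain administrator rights) inspects the domain's default password policy and applies an account lockout threshold, so that repeated failed logons against a domain account are blocked by AD before any further attempts can reach SDM. The domain name corp.example.com, the threshold of 5 attempts and the 15-minute windows are assumptions; set them to match your own password policy.

```powershell
# Added example: enforce account lockout in Active Directory so that
# brute force attempts against AD-authenticated SDM users are stopped at the
# directory rather than at the application.
Import-Module ActiveDirectory

# Assumed domain name; replace with your own.
$Domain = "corp.example.com"

# Show the current default domain policy before changing anything.
Write-Host "Current default domain password policy:"
Get-ADDefaultDomainPasswordPolicy -Identity $Domain |
    Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration,
                  MinPasswordLength, ComplexityEnabled

# Apply an account lockout policy (illustrative values, not a recommendation
# from the article): lock the account after 5 failed attempts inside a
# 15-minute observation window, and keep it locked for 15 minutes.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15) `
    -LockoutDuration (New-TimeSpan -Minutes 15)

# Re-read the policy to confirm the change was applied.
Write-Host "Policy after change:"
Get-ADDefaultDomainPasswordPolicy -Identity $Domain |
    Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration

# Operational check: list accounts that are currently locked out. A sudden
# batch of lockouts is the signal a help desk would see during a brute force
# attempt, so this is worth reviewing alongside SDM login activity.
Write-Host "Accounts currently locked out:"
Search-ADAccount -LockedOut | Select-Object SamAccountName, LockedOut
```

Because SDM itself does not count failed attempts, the lockout counter lives entirely in AD; a LockoutDuration of 0 would require an administrator to unlock the account manually (with Unlock-ADAccount), which is stricter but increases help desk load during an attack.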

If robust authentication and authorization are a requirement, you can adopt Single Sign-On, SAML, SSL, etc.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/configure-ca-service-desk-manager/ca-sdm-user-authentication.html
