Access Control: Potentially Bruteforceable Login Form¶
Identifier:
potentially_bruteforceable_login_form
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Login forms that appear vulnerable to credential brute-force attacks due to missing rate limiting or account lockout.
How we test: We use AI-powered analysis to inspect discovered login forms and evaluate whether protections against credential stuffing and brute-force attacks appear to be missing.
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.