Skip to content

Access Control: Potentially Bruteforceable Login Form

Identifier: potentially_bruteforceable_login_form

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Login forms that appear vulnerable to credential brute-force attacks due to missing rate limiting or account lockout.

How we test: We use AI-powered analysis to inspect discovered login forms and evaluate whether protections against credential stuffing and brute-force attacks appear to be missing.

Configuration

Example

Example configuration:

---
security_tests:
  potentially_bruteforceable_login_form:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.