Displaying 1 result from an estimated 1 matches for "auth_failed_delay".
2008 Jan 01
6
Delay on failed pw attempts
Hi,
Is there a way, or can a way be added, to add an "auth_failed_delay=10s"
style option that would put in an artificial delay after a failed
password attempt?
As it stands now, Dovecot seems highly vulnerable to widescale
brute-force password dictionary scans.
Even if it's not configurable, can a delay be hardcoded to something
like, say, 10 or 15 seconds?...