[CMS-3672] Security improvements login page - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: High
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.22.04, 2.23.02-alpha
Component/s: None
Labels:
- security

Description

do not mention the version at the login page. This gives hackers more information about vulnerabilities. Instead show versio nr inside the CMS (not too deep please - e.g. not system/admin page)
do not show message that a user is already logged in and will be logged out. This provides information about valid user names. Instead when clicking OK ask for conformation to proceed if user is already logged in and passed in credentials are valid.
add metatag like <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"> (to be verified) to the login page so robots won't pick it up.

Attachments

Sub-Tasks

1.

Do not mention the version at the login page.

Closed

Sylvain Pélissier (Inactive)

0%

Original Estimate - 2 hours

Remaining Estimate - 2 hours

2.

Do not show message that a user is already logged in and will be logged out.

Closed

Junaidh Kadhar Sheriff

100%

Original Estimate - 1 day

Time Spent - 1 hour, 15 minutes

Time Not Required

3.

Add metatag to the login page so robots won't pick it up.

Closed

Sylvain Pélissier (Inactive)

0%

Original Estimate - 4 hours

Remaining Estimate - 4 hours

4.

Show CAPTCHA after several failed logins to prevent brute forcing

Closed

Junaidh Kadhar Sheriff

100%

Original Estimate - Not Specified

Original Estimate - Not Specified

Time Spent - 7 hours, 30 minutes

Activity

People

Assignee:: Mohammad Nour (Inactive)

Reporter:: Stephan Westen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19/Jan/10 10:00 AM

Updated:: 07/Jun/12 2:35 PM

Resolved:: 07/Jun/12 2:35 PM

Time Tracking

Estimated:

1d 6h

Remaining:

6h

Logged:

1d 45m

Include sub-tasks