diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-06-17 16:19:48 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-06-17 16:19:48 +0300 |
| commit | acd7aa639da554454e295c60f41899c3af6d3f43 (patch) | |
| tree | 7a18312b311f8eabaa242c48703bb907b7a53455 /page-threat-model.php | |
| parent | 72fd5fa9c101e91ce935fe8f98fc2ed5864337e3 (diff) | |
Add bruteforce text
Diffstat (limited to 'page-threat-model.php')
| -rw-r--r-- | page-threat-model.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/page-threat-model.php b/page-threat-model.php index b49f967a..f61c9669 100644 --- a/page-threat-model.php +++ b/page-threat-model.php @@ -36,3 +36,6 @@ in those disabled features as not bounty-worthy.</p> <h3>User enumeration</h3> <p>We don't consider user enumeration a security risk as for convenience and for features such as Server-to-Server sharing this is an expected behaviour.</p> + +<h3>Brute force of credentials</h3> +<p>At the moment we don't consider bruteforcing of credentials or a missing password treshold eligible vulnerabilities. In the case of Nextcloud we currently expect people to protect their instance using measures such as fail2ban. We're however working on adding a native anti-bruteforce protection.</p> |