yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2060972] [NEW] Include bad password details in audit messages

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Boris Bobrov <2060972@xxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Apr 2024 13:44:54 -0000
Reply-to: Bug 2060972 <2060972@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

PCI DSS requires operators to analyze failed login attemps, for example,
to catch bruteforce or password stuffing attacks. To achieve that, allow
keystone to report details about the bad credentials used in the failed
authentication attempts.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2060972

Title:
  Include bad password details in audit messages

Status in OpenStack Identity (keystone):
  New

Bug description:
  PCI DSS requires operators to analyze failed login attemps, for
  example, to catch bruteforce or password stuffing attacks. To achieve
  that, allow keystone to report details about the bad credentials used
  in the failed authentication attempts.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2060972/+subscriptions