Currently WebAccess can be used as a form of DoS by repeated attempts to log into a user which stops the user from being able to get at their mail through the other methods. It isn't hard to find a target's WebAccess (just google for webacc or owa for such targeting samples).
What we need to fix is:
A) a speed bump after a configurable # of failures (0-3) that you now need to deal with at least a CAPTCHA and/or some other secondary authentication check.
B) if a user still has too many login attempts from WebAccess, only lock WebAccess with appropriate logging
by: Andy K. | over a year ago | WebAccess
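An added sketch of the two behaviours requested above, not part of the original post and not GroupWise code: failures are counted per access channel, so a flood against WebAccess triggers a CAPTCHA step and then a WebAccess-only lock while the same user's other channels stay usable. The class name `ChannelThrottle`, the channel labels, `lock_after` and `lock_seconds` are hypothetical; only the 0-3 speed-bump threshold comes from the request.

```python
import logging
import time
from dataclasses import dataclass, field

log = logging.getLogger("webaccess.auth")  # hypothetical logger name


@dataclass
class ChannelThrottle:
    """Login-failure state keyed by (channel, user), not by user alone."""
    captcha_after: int = 3    # configurable speed bump from the request (0-3)
    lock_after: int = 10      # assumed; the request only says "too many"
    lock_seconds: int = 900   # assumed lock duration
    failures: dict = field(default_factory=dict)      # (channel, user) -> count
    locked_until: dict = field(default_factory=dict)  # (channel, user) -> epoch

    def precheck(self, channel, user, now=None):
        """Decide what the login form must demand before credentials are tried."""
        now = time.time() if now is None else now
        key = (channel, user)
        if self.locked_until.get(key, 0) > now:
            return "locked"      # only this channel is refused
        if self.failures.get(key, 0) >= self.captcha_after:
            return "captcha"     # secondary check required first
        return "password"

    def record(self, channel, user, success, source_ip, now=None):
        """Record the outcome of one authentication attempt."""
        now = time.time() if now is None else now
        key = (channel, user)
        if success:
            self.failures.pop(key, None)
            return
        count = self.failures.get(key, 0) + 1
        self.failures[key] = count
        if count >= self.lock_after:
            self.locked_until[key] = now + self.lock_seconds
            # %r keeps control characters in attacker-supplied names out of the log
            log.warning("lock channel=%s user=%r failures=%d src=%s until=%d",
                        channel, user, count, source_ip, now + self.lock_seconds)
```

Because the lock key includes the channel, an attacker hammering the web login cannot deny the user access through the other methods, and the log line carries the source address needed for the IP blocking raised in the comments.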
Comments
...shouldn't be that hard to code.
This shouldn't be an enhancement request. It is a security issue that needs to be addressed if a product can be disabled due to a DoS attack!
It is good to secure WebAccess as there are more and more attempts to break down user passwords.
This would definitely help secure this service.
The ability to block IP addresses would be useful, too, whether it be dynamic or manual, or a combination of both.