WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] Blackberry App login failures not logged (5 posts)

  1. Friso
    Member
    Posted 1 year ago #

    I just tested the effectiveness of the logging functionality when logging in via the WordPress Blackberry App. Apparently, failed logon attempts are not logged then.

    Could this mean that the logon procedure used by the BlackBerry App (I think it uses XML-RPC) can be abused for circumventing LSS when performing brute force attacks?

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Good catch. Thank you for letting me know about that. I looked into it when you wrote, but haven't had a moment to reply. I have some ideas about how to fix it and will incorporate it into the next release.

  3. Friso
    Member
    Posted 1 year ago #

    Thanks. I think the iPhone and iPad app use the same way of communication, so I guess you don't need a blackberry to test it.

    As a workaround I now use the 'Disable XML-RPC' plugin to disable XML-RPC completely.

  4. Daniel Convissor
    Member
    Plugin Author

    Posted 11 months ago #

    Version 0.37.0, released a few minutes ago, now monitors XML-RPC requests! Thank you so much for bringing this to my attention. Sorry it took so long to fix. It required a major rewrite of the plugin and I don't have much free time.

  5. Friso
    Member
    Posted 11 months ago #

    Great. Installed it, checked it with my blackberry and it works like a charm!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic