WordPress.org

Forums

Login Security Solution
[resolved] Blackberry App login failures not logged (5 posts)

  1. Friso
    Member
    Posted 2 years ago #

    I just tested the effectiveness of the logging functionality when logging in via the WordPress Blackberry App. Apparently, failed logon attempts are not logged then.

    Could this mean that the logon procedure used by the BlackBerry App (I think it uses XML-RPC) can be abused for circumventing LSS when performing brute force attacks?

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 2 years ago #

    Good catch. Thank you for letting me know about that. I looked into it when you wrote, but haven't had a moment to reply. I have some ideas about how to fix it and will incorporate it into the next release.

  3. Friso
    Member
    Posted 2 years ago #

    Thanks. I think the iPhone and iPad app use the same way of communication, so I guess you don't need a blackberry to test it.

    As a workaround I now use the 'Disable XML-RPC' plugin to disable XML-RPC completely.

  4. Daniel Convissor
    Member
    Plugin Author

    Posted 2 years ago #

    Version 0.37.0, released a few minutes ago, now monitors XML-RPC requests! Thank you so much for bringing this to my attention. Sorry it took so long to fix. It required a major rewrite of the plugin and I don't have much free time.

  5. Friso
    Member
    Posted 2 years ago #

    Great. Installed it, checked it with my blackberry and it works like a charm!

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Login Security Solution
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic