KB20843 - How to modify the global settings for login failure lockout rate, login attempts, and lockout period
KB40987 - User unable to login due to realm due to user limit restriction with the message "Login failed. Reason: Max Session Per User" in the user access log
KB14021 - Best practice recommendation: Active Directory/Windows NT authentication server: Which authentication protocol (Kerberos, NTLMv2 and NTLMv1) should be enabled to avoid account lock-out issues?
SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX
KB40430 - How to switch an Active Directory authentication server instance from Legacy mode to Standard mode
KB12476 - Windows login fails when correct credentials are entered after a failed 802.1X authentication
KB40682 - Active Directory authentication server 'XXXX': No logon servers are currently available. Device could not connect to any domain controller of the domain
SA40054 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization (CVE-2015-7323)
KB12046 - How to follow an EAP authentication through the radius log file
KB16778 - How to avoid the Admin user being unable to login when the number of concurrent users signed in to the system has exceeded the system limit
What would you like to know?
< Back to search results
KB44188 - Attacker can exhaust the invalid login attempt limit for user account
Last Modified Date
10/11/2019 5:52 AM
This article describe an issue, where attacker can cause account lockouts if any attacker tries invalid attempts on users account with wrong password.
Problem or Goal
If PCS is configured with Active Directory/LDAP Authentication, attacker can lockout users account, if they try to enter wrong password for multiple accounts.
This issue is being investigated by engineering. This KB article will be updated often with fix details.
As a workaround, administrator can either use Multi factor authentication (Radius/RSA) or Certificate authentication as a prevention.
Was this article helpful?
Please tell us how we can make this article more useful.