Account Lockout Abuse
Variants:
Direct
Also Known As:
Account Lockout Attack, Overly Restrictive Account Lockout Policy, Inducing Account Lockout
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Account Lockout
Invented In:
01/01/1999
Added In:
17/12/2014
Vector Operation Method:
An overly restrictive account lockout mechanism enables attackers to abuse it to cause denial of service, by intentionally causing the lockout of valid user accounts.
