Configure paranoid mode for user login authentication
conf.user configure authentication paranoid_mode [true|false]
Product
Guardian
Description
Paranoid mode for authentication is enabled by default. It controls whether the login authentication process discloses information about the existence of a user, and it normalizes the login response time. When this setting is disabled, after several failed login attempts the user is warned with a message about the remaining attempts before the account gets locked. As a consequence, user information can be leaked. When this setting is enabled, no warning message is shown, so there is no potential for a user information leak.
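Added example, not Guardian's own code or implementation: a small Python login service that shows why the remaining-attempts warning discloses user existence and how a uniform reply plus equal hashing work removes the difference. The lockout threshold, message texts, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5  # assumed lockout threshold, not a Guardian value
GENERIC = "Invalid username or password."

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class LoginService:
    def __init__(self, paranoid_mode: bool = True):
        self.paranoid_mode = paranoid_mode
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> consecutive failed attempts
        # Dummy record: unknown usernames cost the same hashing work as real ones
        self.dummy = (os.urandom(16), os.urandom(32))

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username: str, password: str):
        known = username in self.users
        salt, stored = self.users.get(username, self.dummy)
        locked = self.failures.get(username, 0) >= MAX_ATTEMPTS
        # Always hash and compare in constant time, whatever the outcome will be
        match = hmac.compare_digest(hash_password(password, salt), stored)
        if known and match and not locked:
            self.failures[username] = 0
            return True, "Login successful."
        if known:
            self.failures[username] = self.failures.get(username, 0) + 1
        if self.paranoid_mode or not known:
            return False, GENERIC  # same reply for unknown, wrong password, locked
        # Paranoid mode off: this warning only appears for accounts that exist
        remaining = MAX_ATTEMPTS - self.failures[username]
        if remaining <= 0:
            return False, "Account locked."
        return False, f"{GENERIC} {remaining} attempts remaining."

if __name__ == "__main__":
    for mode in (False, True):
        svc = LoginService(paranoid_mode=mode)
        svc.add_user("alice", "constructed-sample-password")
        print(mode, svc.login("alice", "wrong"), svc.login("nobody", "wrong"))
```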
Where to apply
CLI
How to apply
In a shell console execute: service webserver stop