Last Modified: Apr 10, 2019
Opened: Jan 26, 2017
ASM counts failed login attempts per session (browser cookie) and blocks an end user if the number of failed exceeds a predefined threshold (default 5). If an ASM end user makes a successful login before the number of failed attempts reaches the threshold, the counter of failed attempts resets to zero.
An ASM end user allowed to do a number of failed logins higher than threshold. This happens only in when that APM end user sent a successful login before number of failures hits the threshold.
ASM policy attached on the virtual server and brute force session-based feature is configured along with the login page.
Session-based brute force now handles this issue.