Created dateUpdated dateAffects versionFix version

 

 

Management Console 3.6.0 (and newer)

N/A

Description

Logging in to Blancco Management Console (BMC) or Blancco Cloud, it returns an error message "User account is locked" as captured in this screenshot.

This is caused by "brute force attack prevention" function of Management Console that was implemented in BMC version 3.6.0.

Brute force attack prevention:

  • If a user fails to log in 10 consecutive times, the user will be locked out for 10 minutes.
  • At the same time,
    • BMC will send an email to the user's email address informing that the account has been locked.
    • BMC will send an email to admin to inform of the brute force attack incident. (Only available from BMC 3.6.0 to BMC 4.7.0)

Please note that the SMTP server settings need to be configured in order for the emails to be sent when using on-premise version of Management Console. These settings can only be configured by the admin user under the "Administration"-tab.

Step by step instructions

Once a user account is locked, it lasts for 10 minutes, and it cannot be unlocked even by the admin user.

The user has to wait for at least 10 minutes until the lock will get disabled automatically.

If the user has forgot the correct password, then it is possible to reset the password by using "Forgot password" link.

If either user's email address or the email server settings (SMTP) are not properly configured, the user has to contact admin user to ask for password resetting.

How to monitor brute force attempts from the logs (for administrators)

When brute force attack prevention starts, MC will print out several messages related to the action into its "main.log". For example:

2020-02-26T13:37:16.162+02:00 [bmc-thread-2] INFO  com.blancco.mc.spring.security.AuditLoggingAuthenticationFailureHandler - Login failure for user1 when attempting to log in from IP_ADDRESS
2020-02-26T13:37:19.978+02:00 [bmc-thread-3] INFO  com.blancco.mc.security.BruteForcePreventionServiceImpl - Locking user user1; failed login attempts reached 10 while the threshold is 10
2020-02-26T13:37:19.989+02:00 [bmc-thread-3] INFO  com.blancco.mc.service.communication.EmailServiceImpl - Send user locked email to the user's (user1) email (address: user@email.com); locked out for 10 minutes
2020-02-26T13:37:29.307+02:00 [bmc-thread-1] INFO  com.blancco.mc.security.BruteForcePreventionServiceImpl - User user1 has been locked out, remaining lock out time: 590670 ms
  • No labels