Brute force vulnerabilities and solutions

Modified on Wed, 6 Mar at 10:36 PM

What is Login brute force vulnerability and how do we prevent it in Smarten?


A brute-force attack is when anyone uses a system of trial and error in an attempt to guess / discover user credentials. These attacks are typically automated using wordlists of usernames and passwords.

In any application, if there is no limit provided on entering wrong passwords, this can lead to login bruteforce and considerably increase the efficiency of such attacks. The account can be hacked this way.


To overcome such vulnerabilities, in Smarten, we can restrict the number of attempts for login.

MAXIMUM_NO_OF_ATTEMPTS parameter has to be defined in default.conf file under smarten folder (wildfly/standalone/deployments/smarten.war/conf/default.conf).

Please refer to the below article for more details.


Also, locking an account offers a certain amount of protection against targeted brute-forcing of a specific account. If the number of wrong password attempts exceeds or if the user enters wrong password more times than the specified value, then the smarten users will be made inactive temporarily for 2 hours as shown below. 


For e.g. If the number of wrong attempts to be set as 5, open default.conf file and set the parameter value as ‘MAXIMUM_NO_OF_ATTEMPTS=5’.





Please refer to Application Security Implementation Manual to learn more.

Note: This article is based on Smarten Version 5.x. This may or may not be relevant to the Smarten version you may be using.

Security Smarten Login bruteforce Login Bruteforce Password attempts passwords Vulnerability

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article