Qlik Community

QlikView Administration

Discussion Board for collaboration on QlikView Management.

Gatis
Contributor

Public QlikView Access Point user authentication with AD - User lockout vulnerability

Hi,

I have a publicly facing QlikView Access Point that authenticates domain users using Active Directory.

The Access Point is run by IIS.

Penetration testing revealed that it's vulnerable to DDoS attacks, where if someone found out usernames, they could lock out all Active Directory users by entering credentials incorrectly 3 times (Active Directory policy).

Is creating local users the only solution to fix this vulnerability, so that at least in case of a DDoS attack only QlikView users would be affected and not all domain users? Or is there any way to resolve this issue? Maybe some kind of delay between login attempts?

Thank you

Gatis

0 Replies
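
The delay between login attempts that the post asks about can be sketched as a gate that sits in front of the directory check and stops forwarding a username's attempts before the domain's counter reaches its limit. This is an added example, not part of the original post and not QlikView or IIS code; `LockoutGuard`, `fake_ad`, the 30-minute reset window and the sample account are assumptions, and only the 3-attempt threshold comes from the post.

```python
import time

AD_LOCKOUT_THRESHOLD = 3   # from the post: AD locks an account after 3 bad passwords
AD_RESET_WINDOW = 30 * 60  # assumed; must be >= the domain's lockout-counter reset interval


class LockoutGuard:
    """Rejects logins locally before a username's failures can reach AD's threshold."""
    def __init__(self, ad_check, budget=AD_LOCKOUT_THRESHOLD - 1,
                 window=AD_RESET_WINDOW, clock=time.monotonic):
        self.ad_check = ad_check  # callable(username, password) -> bool, e.g. an LDAP bind
        self.budget = budget      # failed attempts allowed through to AD
        self.window, self.clock = window, clock
        self.state = {}           # normalised username -> (failure count, last failure time)

    def login(self, username, password):
        key = username.strip().lower()  # AD logon names are case-insensitive
        now = self.clock()
        count, last = self.state.get(key, (0, 0.0))
        if now - last >= self.window:
            count = 0                   # timed from the LAST failure, as AD's counter is
        if count >= self.budget:
            return "throttled"          # AD never sees this attempt
        if self.ad_check(username, password):
            self.state.pop(key, None)   # a good logon also resets AD's counter
            return "ok"
        self.state[key] = (count + 1, now)
        return "denied"


def fake_ad(passwords):
    """Constructed stand-in for the domain: refuses a user after 3 bad passwords."""
    bad = {}
    def check(user, password):
        user = user.lower()
        locked = bad.get(user, 0) >= AD_LOCKOUT_THRESHOLD
        ok = not locked and passwords.get(user) == password
        bad[user] = 0 if ok else bad.get(user, 0) + 1
        return ok
    return check, bad


def demo():
    check, bad = fake_ad({"alice": "correct-horse"})
    now = [0.0]
    guard = LockoutGuard(check, clock=lambda: now[0])
    results = [guard.login("Alice", f"guess{i}") for i in range(10)]
    peak = bad["alice"]                 # bad passwords the domain actually counted
    now[0] += AD_RESET_WINDOW           # the reset window passes with no new failures
    return results, peak, guard.login("alice", "correct-horse")
```

The targeted username still cannot log in through the Access Point until the window passes, but the domain account itself is never locked. `state` gains an entry for every distinct name that fails a login, so a deployed version would need to cap or expire it.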