
Dozens of phone apps with 300M downloads vulnerable to password cracking

  • July 16, 2015

Jasper_The_Rasper
Moderator

Walmart, CNN, ESPN, and Soundcloud are among the apps allowing unlimited guessing.

by Dan Goodin (US) - Jul 16, 2015
 
Smartphone apps from Walmart, CNN, ESPN, and dozens of other organizations put user accounts at risk of compromise because they allow attackers to make an unlimited number of login attempts, according to recently published research.
 
Security experts have long recognized the benefit of limiting the number of unsuccessful login attempts that users can make to online accounts. While such limits make it possible for attackers to lock out legitimate users, such denial-of-service drawbacks are generally outweighed by the protection they provide against online password cracking attempts, in which attackers make huge numbers of password guesses against specific user accounts in the hopes of trying the right one. Until last September, Apple's iCloud service failed to limit the number of login attempts to that service, a shortcoming that may have contributed to last year's mass celebrity hack and nude photo thefts.
 
Full Article
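
A sketch of the per-account attempt limit the article describes, including the lockout drawback it mentions. This is an added example, not code from the article or from any of the apps named; the class name, thresholds, and sample account are assumptions.

```python
import hmac
from collections import defaultdict, deque

class LoginThrottle:
    """Per-account cap on failed logins inside a sliding window (in-memory)."""
    def __init__(self, max_failures=5, window=300.0, lockout=900.0):
        self.max_failures = max_failures   # assumed threshold
        self.window = window               # seconds over which failures count
        self.lockout = lockout             # seconds the account stays locked
        self._failures = defaultdict(deque)  # account -> failure timestamps
        self._locked_until = {}              # account -> unlock time

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0.0) > now

    def record_failure(self, account, now):
        q = self._failures[account]
        q.append(now)
        while q and q[0] <= now - self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            q.clear()

    def record_success(self, account):
        self._failures.pop(account, None)

def attempt_login(throttle, stored, account, password, now):
    """Return 'locked', 'ok' or 'denied'. `stored` maps account -> password;
    plaintext keeps the example short, a real service stores a slow hash."""
    if throttle.is_locked(account, now):
        return "locked"   # checked first, so guesses made while locked learn nothing
    expected = stored.get(account, "")
    if account in stored and hmac.compare_digest(expected.encode(), password.encode()):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"

def guessing_run(guesses, max_failures=5):
    """Constructed scenario: one guess per second against one account."""
    throttle = LoginThrottle(max_failures=max_failures)
    stored = {"alice": "correct horse"}   # constructed sample account
    results = [attempt_login(throttle, stored, "alice", g, float(i))
               for i, g in enumerate(guesses)]
    # The real owner logging in right after the run shows the lockout drawback.
    owner = attempt_login(throttle, stored, "alice", "correct horse", float(len(guesses)))
    return results.count("denied"), results.count("locked"), owner
```

With these thresholds, only the "denied" attempts reach the password comparison; everything else is rejected by the lock, and the owner is rejected with it until the lock expires.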