# Improper Restriction of Excessive Authentication Attempts (CWE-307)

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

**Stack:** Go

- Prevalence: High (frequently exploited)
- Impact: Medium (review recommended)
- Prevention: Documented (5 fix examples)

**OWASP:** Identification and Authentication Failures (A07:2021-Identification and Authentication Failures) - #7

## Description

Without a limit on the number of failed authentication attempts, an attacker can systematically guess user credentials through brute-force or dictionary attacks.

## Prevention

### Go

- Add rate limiting middleware to Chi auth endpoints using x/time/rate
- Add rate limiting middleware to prevent brute force attacks on Echo auth endpoints
- Add Fiber limiter middleware to prevent brute force attacks on auth endpoints

## Warning Signs

- [MEDIUM] ... ... lacks rate limiting protection

## Consequences

- Gain privileges
- Bypass protection mechanism

## Mitigations

- Introduce account lockout policies after multiple failed attempts
- Apply progressive delays or CAPTCHAs after failed attempts
- Monitor and alert on unusual authentication patterns

## Detection

- Total rules: 5
- Languages: go

## Rules by Language

### Go (5 rules)

- **Missing Rate Limiting in Chi Router Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
- **Missing Rate Limiting in Echo Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
- **Missing Rate Limiting in Fiber Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
- **Missing Rate Limiting in Gin Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
- **Missing Rate Limiting in Gorilla Mux Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
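The Prevention and Mitigations sections above describe the fix (rate limiting middleware in front of the login route, lockout after repeated failures, reset on success) without showing it. The following is an added example, not one of the page's five documented fix examples and not code from Chi, Echo, Fiber, Gin or Gorilla Mux. It implements a small sliding-window failure limiter with only the Go standard library (so it runs without golang.org/x/time/rate, which the page names as the production choice) and mounts it as net/http middleware, which is the shape Chi and Gorilla Mux accept directly. The `FailureLimiter`, `clientKey`, `users` store and `NewLoginHandler` names, the 3-attempt/1-minute and 5-attempt/15-minute thresholds, and the credential `alice`/`correct-horse` are all assumptions constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// FailureLimiter counts failed authentication attempts per key inside a
// sliding window and refuses further attempts once the threshold is reached.
// Constructed for this example; production code would normally reach for
// golang.org/x/time/rate or the framework's own limiter middleware.
type FailureLimiter struct {
	mu       sync.Mutex
	max      int
	window   time.Duration
	failures map[string][]time.Time
	Now      func() time.Time // injectable clock so tests can advance time
}

func NewFailureLimiter(max int, window time.Duration) *FailureLimiter {
	return &FailureLimiter{max: max, window: window, failures: map[string][]time.Time{}, Now: time.Now}
}

// prune drops timestamps older than the window; the caller must hold mu.
func (l *FailureLimiter) prune(key string) []time.Time {
	cutoff := l.Now().Add(-l.window)
	kept := l.failures[key][:0]
	for _, ts := range l.failures[key] {
		if ts.After(cutoff) {
			kept = append(kept, ts)
		}
	}
	if len(kept) == 0 {
		delete(l.failures, key) // keeps the map from growing without bound
	} else {
		l.failures[key] = kept
	}
	return kept
}

// Allowed reports whether key is still below the failure threshold.
func (l *FailureLimiter) Allowed(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	return len(l.prune(key)) < l.max
}

// RecordFailure registers one failed attempt for key.
func (l *FailureLimiter) RecordFailure(key string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	l.failures[key] = append(l.prune(key), l.Now())
}

// Reset clears the counter, e.g. after a successful login.
func (l *FailureLimiter) Reset(key string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	delete(l.failures, key)
}

// Middleware is plain net/http, so it mounts in chi, gorilla/mux or a ServeMux.
// Blocked requests get 429 plus a Retry-After hint of the window length.
func (l *FailureLimiter) Middleware(keyFn func(*http.Request) string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if !l.Allowed(keyFn(r)) {
				w.Header().Set("Retry-After", strconv.Itoa(int(l.window.Seconds())))
				http.Error(w, "too many failed attempts", http.StatusTooManyRequests)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// clientKey combines client IP and username: IP alone misses attempts spread
// over many addresses, username alone lets anyone lock a victim out.
func clientKey(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	return host + "|" + r.FormValue("username")
}

// users is a constructed credential store for the demo; a real store holds
// password hashes (bcrypt/argon2), never plaintext.
var users = map[string]string{"alice": "correct-horse"}

// NewLoginHandler wraps a minimal form-based login with the limiter.
func NewLoginHandler(l *FailureLimiter) http.Handler {
	login := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key := clientKey(r)
		want, ok := users[r.FormValue("username")]
		if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(r.FormValue("password"))) != 1 {
			l.RecordFailure(key)
			http.Error(w, "invalid credentials", http.StatusUnauthorized)
			return
		}
		l.Reset(key)
		fmt.Fprintln(w, "welcome")
	})
	return l.Middleware(clientKey)(login)
}

func main() {
	mux := http.NewServeMux()
	mux.Handle("/login", NewLoginHandler(NewFailureLimiter(5, 15*time.Minute)))
	fmt.Println(http.ListenAndServe(":8080", mux))
}
```

Run it and post `username=alice&password=...` to `/login`: the fourth wrong password inside the window from one client IP is answered with 429 before the handler is reached, a correct password during the lockout is also refused (the lockout is the point), and a successful login clears the counter. The window prune in `prune` is what makes the counter decay, which is the "progressive delay" half of the Mitigations list in its simplest form; a production deployment would add the page's other items (monitoring of repeated 429s per key, a CAPTCHA step) on top of this.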