# Improper Restriction of Excessive Authentication Attempts (CWE-307)

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

- Prevalence: High (frequently exploited)
- Impact: Medium (review recommended)
- Prevention: Documented (5 fix examples)

**OWASP:** A07:2021 Identification and Authentication Failures (#7)

## Description

Without a limit on the number of failed authentication attempts, an attacker can systematically guess user credentials through brute-force or dictionary attacks.

## Prevention

### Go

- Add rate limiting middleware to Chi auth endpoints using x/time/rate
- Add rate limiting middleware to prevent brute force attacks on Echo auth endpoints
- Add Fiber limiter middleware to prevent brute force attacks on auth endpoints

## Warning Signs

- [MEDIUM] ... ... lacks rate limiting protection

## Consequences

- Gain Privileges
- Bypass Protection Mechanism

## Mitigations

- Implement account lockout policies after multiple failed attempts
- Use progressive delays or captchas after failed attempts
- Monitor and alert on unusual authentication patterns

## Detection

- Total rules: 5
- Languages: go

## Rules by Language

### Go (5 rules)

- **Missing Rate Limiting in Chi Router Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
- **Missing Rate Limiting in Echo Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
- **Missing Rate Limiting in Fiber Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
- **Missing Rate Limiting in Gin Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
- **Missing Rate Limiting in Gorilla Mux Application** [MEDIUM]: Authentication endpoints lack rate limiting protection.
  - Remediation: Add rate limiting middleware to prevent brute force and DoS attacks.
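The failed-attempt limit that the Prevention and Mitigations sections call for, as an added example that is not part of this page or of any listed framework's fix: a standard-library Go login handler that locks a client out for the rest of a fixed window after a set number of rejected logins (a counter rather than x/time/rate, so it runs with no external module). `FailureLimiter`, `Tally` and `LoginHandler` are names chosen here, and the `authenticate` callback stands in for the application's real credential check.

```go
package main

import "net"
import "net/http"
import "sync"
import "time"

// FailureLimiter locks a client key out for the rest of its fixed window once it has produced max failed logins.
type FailureLimiter struct {
	mu     sync.Mutex
	max    int
	window time.Duration
	count  map[string]int       // failures charged in the current window
	reset  map[string]time.Time // when that window ends
	now    func() time.Time     // injectable clock so tests can advance time
}

func NewFailureLimiter(max int, window time.Duration) *FailureLimiter {
	return &FailureLimiter{max: max, window: window, count: map[string]int{}, reset: map[string]time.Time{}, now: time.Now}
}

// Tally charges one failed attempt to key when failed is true and reports whether key has hit max in its window.
func (l *FailureLimiter) Tally(key string, failed bool) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	if !l.now().Before(l.reset[key]) { // unseen key or expired window: start fresh
		l.count[key] = 0
		l.reset[key] = l.now().Add(l.window)
	}
	if failed {
		l.count[key]++
	}
	return l.count[key] >= l.max
}

// LoginHandler refuses a locked-out client with 429 before the credential check runs and charges every rejected attempt.
func LoginHandler(l *FailureLimiter, authenticate func(*http.Request) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key, _, _ := net.SplitHostPort(r.RemoteAddr) // per-IP key; combine with the account name in production
		if l.Tally(key, false) {
			http.Error(w, "too many failed login attempts", http.StatusTooManyRequests)
			return
		}
		if authenticate(r) {
			return // nothing written, so net/http answers 200
		}
		l.Tally(key, true)
		http.Error(w, "invalid credentials", http.StatusUnauthorized)
	})
}
```

Keying on the source IP alone lets one client exhaust the budget for everyone behind the same NAT, which is why a per-account counter (the "account lockout" mitigation above) is normally layered on top.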