Environment
Novell User Application 3.5
Novell User Application 3.0.1
Novell User Application 3.0.1
Novell User Application 3.0
Novell Identity Manager 3.5
Novell Identity Manager 3.5
Novell Identity Manager 3.0.1
Novell Identity Manager 3.0
Novell iManager 2.6
Novell iManager 2.6
Novell eDirectory 8.8 for All
Platforms
Novell eDirectory 8.7.3 for All
Platforms
Situation
With Intruder Detection enabled, if a users fails to login to the
User Application x amount of times (where x is the max value set in
Intruder Detection) then they receive an error message on the Login
stating:
Error: "Account restrictions prevent you from logging in. See your administrator for
more details."
With Intruder Detection enabled, if a user goes to the ForgotPassword area, submits their User ID, and then fails to answer their Challenge Set Questions correctly x amount of times (where x is the max value set in Intruder Detection), they do not receive an message on this page that their account is locked. The user can continue to enter answers to their Challenge Response Questions, even correct ones and never be able to go any further.
At that time, if the Administration looks at the user in question in iManager they will see that the user's account has been locked. Once this has occurred, if the user in question opens a new browser and tries to access the ForgotPassword area they will receive the following error after entering their User ID:
Error: "Challenge Response failed."
Error: "Account restrictions prevent you from logging in. See your administrator for
more details."
With Intruder Detection enabled, if a user goes to the ForgotPassword area, submits their User ID, and then fails to answer their Challenge Set Questions correctly x amount of times (where x is the max value set in Intruder Detection), they do not receive an message on this page that their account is locked. The user can continue to enter answers to their Challenge Response Questions, even correct ones and never be able to go any further.
At that time, if the Administration looks at the user in question in iManager they will see that the user's account has been locked. Once this has occurred, if the user in question opens a new browser and tries to access the ForgotPassword area they will receive the following error after entering their User ID:
Error: "Challenge Response failed."
Resolution
This behavior is a bug with versions 3.0, 3.0.1, and 3.5 of the
Novell User Application. Once the account has been locked by
Intruder Detection the user is not stopped from being able to try
and answer Challenge Set questions in the browser
session. To be addressed in a future release of the
Novell User Application.
This issue has been fixed in Novell User Application 3.5.1 patch B.
This issue has been fixed in Novell User Application 3.5.1 patch B.