Security Issues Resolved in 2022.02

The following security issue was addressed in the 2022.02 release.

Configuration Added for Locking Out Users after Successive Attempts to Reset Password

The following configuration parameters are now available to enable FlexNet Operations to lock out users after a succession of invalid attempts to reset their password:

•

System > Configure > Validators > Lock out user upon repeated password reset attempts—The option that, when enabled, locks out a user for a set amount of time after successive failed password-reset attempts. (The number of consecutive failed attempts is defined as part of the existing FlexNet Platform Server configuration, as described below.)

•

System > Configure > Validators > Lockout period after failed reset attempts—The number of minutes a user is locked out before allowed to reset password again. The lockout period begins immediately after the user’s last password-reset attempt.

These parameters work in conjunction with the following existing parameter, which sets the limit on the number of consecutive password-reset attempts allowed before a user is locked out.

System > Configure > FlexNet Platform Server > General Options > Consecutive Failed Authentications

This added functionality is part of an ongoing effort to improve overall FlexNet Operations security.