Set maximum login attempts

By default you have 3 attempts to log into Dradis before your account is locked, to prevent brute-force attacks on your Dradis instance. Depending on your team, Dradis deployment type, and your workflow, you may want to increase or decrease the maximum login attempts allowed by Dradis before an account is locked. To change the max login attempt count:

  1. Sign in as an Admin
  2. Navigate to Settings in the header
  3. Under the Misc tab, change the value of the Admin : Max Login Attempts field (default value = 3)

Reminder: local changes will be overwritten the next time you upgrade. If you make any local changes, make sure to re-apply them every time you upgrade Dradis.

Unlocking an account

If a user exceeds the allowed number of login attempts to Dradis, their account will be locked. In that case, to unlock the account, the account password will need to be reset. This can be done by the user themselves using the Forgot my Password! option on the Dradis login page.

This presupposes that you have configured the mail server for Dradis. If you have not done so, an Admin can edit the account to reset the user's password, and you can reset the user's count of failed login attempts from the command line. You will need the user ID of the locked user (e.g. the 123 in /pro/admin/users/123/edit; you can see it when logged in as your other Admin user, browsing to the "Users" tab, and hovering over the "Edit" button for the locked user) and substitute it for 123 in the example below:

  $ cd /opt/dradispro/dradispro/current/
  $ RAILS_ENV=production bundle exec rails console
  irb> u = User.find(123)                    # replace 123 with the locked user's ID
  irb> u.preferences.failed_auth_count = 0   # reset the failed login counter for that user
  irb> exit
