Blocked account although no failed login attempts recorded

hi, a user reports that he has trouble to log in. auth0 told him to use wrong username/password combination plenty of times. he suspected and error because he was kind of certain about the combination.

i checked our logs. i see recorded twice, that the respective user is supposed to have unsuccessfully attempted to log in 1 consecuitve times. the brute force prevention is turned off in our account thoug, so it didn’t actually lock his account neither time.

but here is what gets me confused: before I see the log entry “account brute force suspicion: 10 failed attempts”, there are NO failed attempts for that user recorded at all. I went through all the failed attempts before the “brute force suspicion” and all of them refered to different users. none of the referred to the respective user.

can anyone help with this?

Can’t anyone help with this?

One of our developers suspected the auth0 logs to eliminate single failed attempts whenever they sum up to 10 consecutive, which would be the only reason for me not finding failed-attempt-entrys prior to the “10 failed in a row”-entry…

can anyone confirm this?

Hey there @tgpododesk, I would like to help you with the issue you are running into but I need a little bit more information.

  • When you get a minute can you DM me the username of the user experiencing this issue and your tenant name?

  • Do you happen to know the environment the user is having the failed logon experience from?

  • Do you have the workflow documented to reproduce the error? If so, it would be very beneficial to snag a HAR file during the recreation process when running into the error. We have a terrific doc that dives into working with HAR files here.

  • How and what version do you have Auth0 implemented into your application?

I know that’s a lot of questions but I appreciate your help as we work to troubleshoot what may be going on here. There should be a record of those failed attempts of logging in and the HAR file will help capture what’s going on during the login process. Thanks in advance!

Hi James,

thank you for offering help.

Unfortunately, I can bearly answer any of your questions.

  • I could of course hand the username.
  • I suspect the environment to be google chrome on mac OS, and might be able to verify precisly, if that would essentially help to solve the problem.
  • the “workflow to reproduce the error” is (un)fortunately not existant, because the “error” (not beeing able to log in) is currently gone… and the other “error” (failed attempts don’t show in logs) does not persist, because I do have failed attempts in there, and I can also force such occurence by doint an unsuccessfull attempt myself. It was just the occurance of that one user for the first time, that single attempts were missing, although the “block” events were shown, and the user did report a bunch of single failed attempts to us.
    furthermore, this is currently not reproducable with another user. I just fired 10 consecutive intentionally failed attempts, and they all show in the logs, together with the block-event.
  • I am not aware “how and what version of auth0” is implemented in our application… can you guide me how to find that out (if it is possible via the auth0 dashboard?)?

Is there any chance to investigate anything without reproduceability of the error, and without HAR file?


@tgpododesk Looking over your tenant I don’t see anything wrong that jumps out at me with how it’s setup. With the the problem not really being reproducible or currently present, it makes it difficult to move forward with troubleshooting it.

However I am glad to hear everything is working as expected now. I will keep this thread open for the next couple weeks in case the error resurfaces and we can gather more data from the field. Be sure to let us know if you end up having any more questions!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.