hi, a user reports that he has trouble to log in. auth0 told him to use wrong username/password combination plenty of times. he suspected and error because he was kind of certain about the combination.
i checked our logs. i see recorded twice, that the respective user is supposed to have unsuccessfully attempted to log in 1 consecuitve times. the brute force prevention is turned off in our account thoug, so it didn’t actually lock his account neither time.
but here is what gets me confused: before I see the log entry “account brute force suspicion: 10 failed attempts”, there are NO failed attempts for that user recorded at all. I went through all the failed attempts before the “brute force suspicion” and all of them refered to different users. none of the referred to the respective user.
can anyone help with this?