Overview
This article explains a potential cause of the following log entry with the below description of “type”: “limit_sul”:
Too many logins with the same username
The full log looks similar to:
{
"date": "2024-03-08T03:55:51.629Z",
"type": "limit_sul",
"description": "Too many logins with the same username",
"connection": "testdatabase",
"connection_id": "<connection ID>",
"client_id": "<client ID>",
"client_name": "<client name>",
"IP": "<IP Address>",
"user_agent": "Chrome 119.0.6045 / Windows 10.0.0",
"hostname": "<hostname>",
"user_id": "",
"user_name": "<username>",
"$event_schema": {
"version": "1.0.0"
},
"log_id": "90020240308035551765460000000000000001223372045977689948",
"_id": "90020240308035551765460000000000000001223372045977689948",
"isMobile": false,
"id": "90020240308035551765460000000000000001223372045977689948"
}
The description differs from those triggered by Suspicious IP Throttling or Brute Force Protection.
Applies To
- Database Login Limits
Cause
Making more than 20 login requests on the New Universal Login Page with the same IP and username or email address (typically using automation tools such as Selenium, Playwright, etc.) will trigger the Too many logins with the same username error*.*
This error in the logs means that the Database Login Limit blocks a user from making the request but the account does not get blocked from this rate limit. Please see the Database login limits.
Solution
If an error is observed during the load or penetration tests, reduce the request frequency to keep it below the limit.