
Response returned after brute force triggered is wrong

active-directory
api
api-authorization
brute-force

#1

Hello,
After 10 unsuccessful login attempts, brute force protection was triggered and the user was blocked in AD (enterprise connection). When I then tried to log in with the correct credentials, the response to the API call shows "invalid username/password" instead of "blocked account". Please find attached the screenshots of the API response and the Auth0 logs (screenshot of the API response; screenshot of the Auth0 logs).

The API call I am using for login is oauth/token.


#2

A reason for this would be if the Block Login Attempts setting is not enabled for Anomaly Detection; the Blocked Account log entry appears in the logs regardless of whether this is enabled or not. Opening the log entry should show you additional information, e.g.:

(screenshot of the expanded Blocked Account log entry)

Note the

    Brute force protection is disabled for this connection, user is not locked.

Please ensure that the Block Login Attempts option is enabled in the Anomaly Detection settings:

Dashboard > Anomaly Detection > Brute Force Protection > Block Login Attempts


#3

Thank you for the quick response. The Block Login Attempts option is already enabled in my case. Please find attached the screenshot of the settings.

The user is blocked after brute force protection is triggered, but the API response shows "invalid username/password" instead of "user blocked". My client would like to know whether the user is blocked or the user typed wrong credentials. Please find attached the screenshot of the response (correct credentials after the block).
(screenshot of the Anomaly Detection settings; screenshot of the API response)


#4

I haven’t been able to reproduce this on my end - can you confirm which Auth0 endpoint is being called for the authentication requests. Please also try capturing a HAR file of an authentication request after the block is applied:
https://auth0.com/docs/har

Please remove any passwords or sensitive information from the file before sending it through.
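To make the reproduction requested above repeatable, and to show how a client can tell a wrong password apart from a block, here is an added harness (example code, not Auth0's and not from either poster). It assumes the login call is the Resource Owner Password grant on /oauth/token, and that error bodies have Auth0's documented shape `{"error": ..., "error_description": ...}`; the specific error codes it keys on (`invalid_grant`, `too_many_attempts`, `unauthorized`) come from Auth0's public docs, not from this thread, so confirm them against the HAR capture. Running it against a real tenant will lock the test user, which is the point; the transport is injectable so the classification logic can be exercised offline with constructed responses.

```python
"""Reproduce the 10-wrong-then-1-right login sequence and classify each
/oauth/token response as ok / wrong_credentials / blocked_brute_force /
blocked_user. Added example; error codes are assumed from Auth0 docs."""
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# A transport takes (url, form) and returns (http_status, parsed_json_body),
# returning rather than raising on 4xx/5xx so the caller sees the error body.
Transport = Callable[[str, Dict[str, str]], Tuple[int, dict]]


def http_transport(url: str, form: Dict[str, str]) -> Tuple[int, dict]:
    """Real transport: POST the form as JSON to the token endpoint."""
    req = urllib.request.Request(
        url, data=json.dumps(form).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as e:
        return e.code, json.loads(e.read() or b"{}")


def classify(status: int, body: dict) -> str:
    """Map a token-endpoint response to what the client wants to know.

    Assumed codes (from Auth0 docs, not this thread):
      403 invalid_grant      -> wrong email/password
      429 too_many_attempts  -> anomaly-detection brute-force block
      403 unauthorized, "user is blocked" -> user flagged blocked
    """
    if status == 200 and "access_token" in body:
        return "ok"
    err = body.get("error", "")
    desc = body.get("error_description", "").lower()
    if err == "too_many_attempts":
        return "blocked_brute_force"
    if err == "unauthorized" and "blocked" in desc:
        return "blocked_user"
    if err == "invalid_grant":
        return "wrong_credentials"
    return "other:%s" % (err or status)


def reproduce(domain: str, client_id: str, client_secret: str,
              username: str, good_pw: str, bad_pw: str,
              audience: Optional[str] = None, attempts: int = 10,
              transport: Transport = http_transport) -> List[str]:
    """Send `attempts` bad passwords, then the correct one; return the
    classification of every response in order. The last entry is the
    one this thread is about: after a block it should NOT read
    'wrong_credentials'."""
    url = "https://%s/oauth/token" % domain

    def attempt(password: str) -> str:
        form = {
            "grant_type": "password",
            "username": username,
            "password": password,
            "client_id": client_id,
            "client_secret": client_secret,
            "scope": "openid",
        }
        if audience:
            form["audience"] = audience
        return classify(*transport(url, form))

    timeline = [attempt(bad_pw) for _ in range(attempts)]
    timeline.append(attempt(good_pw))
    return timeline


def distinguishable(timeline: List[str]) -> bool:
    """True when the final (correct-password) attempt is reported as a
    block rather than as wrong credentials, i.e. the client can tell."""
    return timeline[-1].startswith("blocked")
```

Usage against a tenant: `reproduce("TENANT.auth0.com", CLIENT_ID, CLIENT_SECRET, "user@example.com", "correct-pw", "wrong-pw")` (hypothetical placeholders). If the last element is `wrong_credentials`, you have reproduced the behaviour reported in this thread; attach the HAR of that final request rather than the script output.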


#5