You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Sean Hulbert <sh...@securitycentric.net.INVALID> on 2023/02/20 21:34:20 UTC

questions

Hello,

 

Have a couple of questions with Guacamole 1.4.0

 

1. Is there a way to enforce password complexity at the web login.  (MFA
enabled)

We had a penetration test done and they were able to update the password
using Burp suite. 



 

My assumption is that we allowed the permission for the user to change their
own password in WebUI is why they were able to update via burp suite,
however if there is a way to enforce 12+ characters length on passwords that
would be a start.  

 

Thank You

Sean

Re: questions

Posted by Michael Jumper <mj...@apache.org>.

On Mon, Feb 20, 2023, 1:34 PM Sean Hulbert
<sh...@securitycentric.net.invalid> wrote:

> Hello,
>
> Have a couple of questions with Guacamole 1.4.0
>
> 1. Is there a way to enforce password complexity at the web login.  (MFA
> enabled)
>
>
https://guacamole.apache.org/doc/gug/jdbc-auth.html#enforcing-password-policies

> We had a penetration test done and they were able to update the password
> using Burp suite.
>
The screenshot shows a user logging in, not updating their password.

- Mike