Minimize reset password request success window duration
The password_reset.request.success_window property controls the number of minutes a user must wait before resetting or changing their password again after a successful password reset. For the specified duration, the user is blocked from resetting the password again.
If the password_reset.request.success_window system property isn't set to the recommended value of 1440 or less, there is a greater opportunity for someone else to abuse the password reset functionality to gain unauthorized access to a user account.
Ensure the property password_reset.request.success_window is set to 1440 or less.
More information
| Attribute | Description |
|---|---|
| Configuration name | password_reset.request.success_window |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Integer |
| Recommended value | An integer less than or equal to 1440 |
| Default value | <none> |
| Fallback value | 1440 |
| Category | Authentication |
| Security risk | |
| Functional impact | None |
| Dependencies and prerequisites | None |
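
The check described above can be automated against an export of the system properties table. The following is an added example, not vendor code: the function name `auditSuccessWindow`, the `{ name, value }` row shape and the sample rows are assumptions, and it assumes an absent or empty property takes the fallback value of 1440 listed in the table.

```javascript
// Added example: audit password_reset.request.success_window in exported rows.
const PROPERTY = "password_reset.request.success_window";
const MAX_MINUTES = 1440;      // recommended upper bound from the page
const FALLBACK_MINUTES = 1440; // fallback value from the page's table

// rows: array of { name, value } objects (assumed export shape of sys_properties).
function auditSuccessWindow(rows) {
  const row = rows.find((r) => r.name === PROPERTY);
  const raw = row && row.value != null ? String(row.value).trim() : "";

  // Absent or empty property: assume the platform applies the fallback value.
  if (raw === "") {
    return {
      status: "unset",
      effective: FALLBACK_MINUTES,
      compliant: FALLBACK_MINUTES <= MAX_MINUTES,
    };
  }
  // Data type is Integer: reject "24h", "1440.5", "1e3" instead of coercing them.
  if (!/^-?\d+$/.test(raw)) {
    return { status: "invalid", effective: null, compliant: false };
  }
  // The page gives no lower bound, so only the upper bound is enforced here.
  const minutes = Number(raw);
  return { status: "set", effective: minutes, compliant: minutes <= MAX_MINUTES };
}

// Constructed sample exports, one per case worth distinguishing.
const SAMPLES = {
  hardened: [{ name: PROPERTY, value: "720" }],
  boundary: [{ name: PROPERTY, value: " 1440 " }],
  tooLong: [{ name: PROPERTY, value: "10080" }],
  notInteger: [{ name: PROPERTY, value: "24h" }],
  missing: [{ name: "some.other.property", value: "true" }],
};

function runSamples() {
  const out = {};
  for (const [label, rows] of Object.entries(SAMPLES)) {
    out[label] = auditSuccessWindow(rows);
  }
  return out;
}

console.log(runSamples());
```

A result with status `invalid` or `compliant: false` is the finding to remediate in System Properties (/sys_properties_list.do).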