Limit Invalid Password Reset Attempts [Updated in Security Center 1.3 and updated in 2.0]

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • The password_reset.request.max_attempt property controls the maximum number of unsuccessful attempts a user can make to reset or change their password before being locked out for a specified period of time.

    More information

    | Attribute | Description |
    | --- | --- |
    | Property name | password_reset.request.max_attempt |
    | Configuration type | System Properties (/sys_properties_list.do) |
    | Category | Authentication |
    | Purpose | Denotes the maximum number of unsuccessful password reset attempts that can be made before the user is locked out of the password reset process. The lockout period is determined by the value in password_reset.request.max_attempt_window. |
    | Recommended value | Set to a positive integer value less than three. The default value is 3. When you determine the limit for the upper range of the property, consider the task that the user is performing. |
    | Configuration type | Positive integer values |
    | Security risk | (High) If the property is not set to the recommended value of "3" or another reasonably small value, then it could be possible to perform a brute force attack against the password reset process. |
    | Security risk rating | 7.5 |
    | References | Configure Password Reset properties |
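
An audit check for the two properties described above, written as an added example rather than code from the product or its documentation. It assumes the property rows were exported from sys_properties as name/value pairs; the function names, the `ceiling` parameter, the status labels and the sample rows are hypothetical.

```javascript
// Added example: audit the password reset attempt limit from exported sys_properties rows.
const ATTEMPT_PROP = 'password_reset.request.max_attempt';
const WINDOW_PROP = 'password_reset.request.max_attempt_window';
const DEFAULT_MAX_ATTEMPT = 3; // default value stated on this page

// Strict parse: only plain decimal digits, so '', '3abc', '1e2', '-1' and '0' are rejected.
function parsePositiveInt(raw) {
  const s = String(raw ?? '').trim();
  if (!/^\d+$/.test(s)) return null;
  const n = Number(s);
  return Number.isSafeInteger(n) && n > 0 ? n : null;
}

// rows: [{ name, value }] exported from sys_properties.
// ceiling: highest limit the reviewer accepts (assumption: the page's default of 3).
function auditResetLimits(rows, ceiling = DEFAULT_MAX_ATTEMPT) {
  const props = new Map(rows.map((r) => [r.name, r.value]));
  const findings = [];
  const add = (property, status, detail) => findings.push({ property, status, detail });

  if (!props.has(ATTEMPT_PROP)) {
    add(ATTEMPT_PROP, 'info', `no explicit record; page default of ${DEFAULT_MAX_ATTEMPT} assumed`);
  } else {
    const n = parsePositiveInt(props.get(ATTEMPT_PROP));
    if (n === null) add(ATTEMPT_PROP, 'fail', 'value is not a positive integer');
    else if (n > ceiling) add(ATTEMPT_PROP, 'fail', `${n} attempts exceeds ceiling of ${ceiling}`);
    else add(ATTEMPT_PROP, 'pass', `${n} attempts`);
  }
  // The lockout period comes from the window property, so a limit without one needs review.
  if (String(props.get(WINDOW_PROP) ?? '').trim() === '') {
    add(WINDOW_PROP, 'review', 'no explicit value; confirm the effective lockout period');
  }
  return findings;
}

// Constructed sample rows (not taken from a real instance).
const sampleRows = [
  { name: ATTEMPT_PROP, value: '25' },
  { name: 'x_example.unrelated_property', value: '30' }, // hypothetical unrelated row
];
console.log(auditResetLimits(sampleRows));
```

A `fail` on the attempt property corresponds to the brute force risk described in the table; a `review` on the window property means the lockout duration should be confirmed in the instance.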