Setting a Uniform Response Time

If you log in to the ESA Web UI with invalid credentials, the time taken to respond varies between authentication failure scenarios, such as an invalid username, an invalid password, an expired username, and so on. This variation in response time may expose the system to a timing attack, because the response time can reveal which check failed.

To reduce the risk of a timing attack, you need to remove this variation by specifying a response time for handling invalid credentials. The response time then remains the same across the authentication scenarios.

The response time for the authentication scenarios is based on different factors, such as hardware configurations, network configurations, and system performance. Thus, the standard response time differs between organizations. It is therefore recommended to set the response time based on the settings in your organization.

For example, if the response time for a valid login scenario is 5 seconds, then you can set the uniform response time to 5.

Enter the time interval in seconds and select OK to enable the feature. Alternatively, enter 0 in the text box to disable the feature.
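
The following Python sketch is an added illustration, not ESA code. It models how a uniform response time hides which failure scenario occurred, and shows that a value lower than the slowest failure path still leaks. The function names, the simulated clock, and the per-scenario processing costs are all constructed assumptions.

```python
import time

def respond_uniformly(check, uniform_seconds, clock=time.monotonic, sleep=time.sleep):
    """Run check() and hold a failed result until uniform_seconds have passed.

    Returns (ok, seconds_until_response). 0 disables padding, as on the page.
    """
    start = clock()
    ok = check()
    elapsed = clock() - start
    # Pad only failures that finished early; a check slower than the floor
    # cannot be shortened and will still stand out.
    if not ok and uniform_seconds > 0 and elapsed < uniform_seconds:
        sleep(uniform_seconds - elapsed)
    return ok, clock() - start

class SimulatedClock:
    """Deterministic stand-in for time.monotonic/time.sleep."""
    def __init__(self):
        self.now = 0.0
    def time(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

# Constructed processing costs (seconds) for three failure paths.
FAILURE_COSTS = {"invalid username": 0.125, "expired username": 0.5, "invalid password": 1.5}

def measure(uniform_seconds):
    """Return {scenario: seconds until the failure response is sent}."""
    timings = {}
    for scenario, cost in FAILURE_COSTS.items():
        sim = SimulatedClock()
        def check(cost=cost, sim=sim):
            sim.sleep(cost)   # simulate the work done on this failure path
            return False
        _, total = respond_uniformly(check, uniform_seconds, sim.time, sim.sleep)
        timings[scenario] = total
    return timings

def distinguishable(timings):
    """True if response time alone separates the failure scenarios."""
    return len(set(timings.values())) > 1

if __name__ == "__main__":
    for setting in (0, 1, 5):
        t = measure(setting)
        print(setting, t, "leaks" if distinguishable(t) else "uniform")
```

With the constructed costs, a setting of 0 or 1 leaves the scenarios distinguishable, while 5 makes every failure response take the same time.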

Last modified February 7, 2025