IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace Store Engagement
Categories Security
Created by Guest
Created on Aug 25, 2023

RELATED IDEAS

Add captcha in the IBM Sterling Store Engagement Application Login Screen for additional security

Problem Description:


During the security testing, it was found that the login mechanism used by the Store application did not prevent automated attacks. This fact could be demonstrated by attempting to brute-force the login credentials of a testing account, where after 100 failed attempts, authentication would still be allowed by submitting valid credentials.



This scenario allows the possibility of an attacker attempting to guess the credentials of a victim user’s account.



Solution Recommendation:


Our Info Security team recommended -> A general solution for this problem is to implement a CAPTCHA to prevent automated attacks.

What is your industry? Consumer Products
How will this idea be used?

If captcha is implemented, it can prevent bots from performing brute/reverse brute force attacks if the attacker gets a hold of username or password. With the current implementation of using just username/password to access the Store application, it poses a security risk. In the times, when almost most of the enterprise applications use captcha or employ MFA to prevent such risks, it's necessary to be in line with the security threats that could be prevented in the near future.
  • Guest
    Reply
    |     Sep 29, 2023

    Hi Jason,

    Currently we are also migrating to Containerized deployments and the ISF application (from the Legacy WSC application).

    Q1. Is IDP integration being also released / enabled for ISF/Sterling Store 2.0 ?

    Q2. When will the support for enabling SSO for ISF/Sterling Store 2.0 be available along with the process of enabling the same ?


    Thanks & Regards,

    Rachna Chadha

    1 reply
  • Admin
    Jason Cheng
    Reply
    |     Sep 20, 2023

    Hi Rachna,

    Store on-prem supports login authentication such as ADFS, OktaID, Google ID, IBM ID, which can provide you with additional security. I would recommend you explore these options first.

  • Guest
    Reply
    |     Sep 19, 2023

    Hi Team, Any update on this RFE ?

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.