[Feature Request] Implement rate-limiting for PIN attempts #1395

New Issue

Closed

opened 2026-04-05 19:20:04 +02:00 by MrUnknownDE · 0 comments

MrUnknownDE commented 2026-04-05 19:20:04 +02:00

Owner

Copy Link

Originally created by @kmanwar89 on 6/6/2025

Pangolin allows an optional 6-digit PIN for authenticating through SSO. Modern hardware and GPU's can crack 6-digits (100000 values) in mere seconds. From ChatGPT:

Here are some estimated cracking times for a 6-digit numerical PIN using modern hardware:

CPU:
Intel Core i9-11900K: around **10-30 seconds** to crack the PIN (using brute-force algorithms)
AMD Ryzen Threadripper 3970X: around **15-45 seconds** to crack the PIN

GPU:
NVIDIA GeForce RTX 3080 Ti: around **1-3 seconds to crack the PIN** (using GPU-accelerated cryptanalysis tools)
AMD Radeon Instinct MI60: around **2-6 seconds to crack the PIN**

Is it possible to implement rate-limiting within Pangolin to prevent these types of brute-force attacks? It would need to be aggressive, to the point that 2 or more failures results in a significant cooldown to prevent modern hardware from cracking it.

The alternative could be to allow special characters, pair the PIN with a 2FA of some sort, or eliminate the PIN altogether. Curious on what the developer's thoughts are on this, thanks!

*Originally created by @kmanwar89 on 6/6/2025* Pangolin allows an optional 6-digit PIN for authenticating through SSO. Modern hardware and GPU's can crack 6-digits (100000 values) in mere seconds. From ChatGPT: ``` Here are some estimated cracking times for a 6-digit numerical PIN using modern hardware: CPU: Intel Core i9-11900K: around **10-30 seconds** to crack the PIN (using brute-force algorithms) AMD Ryzen Threadripper 3970X: around **15-45 seconds** to crack the PIN GPU: NVIDIA GeForce RTX 3080 Ti: around **1-3 seconds to crack the PIN** (using GPU-accelerated cryptanalysis tools) AMD Radeon Instinct MI60: around **2-6 seconds to crack the PIN** ``` Is it possible to implement rate-limiting within Pangolin to prevent these types of brute-force attacks? It would need to be aggressive, to the point that 2 or more failures results in a significant cooldown to prevent modern hardware from cracking it. The alternative could be to allow special characters, pair the PIN with a 2FA of some sort, or eliminate the PIN altogether. Curious on what the developer's thoughts are on this, thanks!

MrUnknownDE closed this issue 2026-04-05 19:20:04 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

dependabot/npm_and_yarn/dev-minor-updates-b4e5d6b9c5

revert-2766-feature/systemd-install-instructions

dependabot/npm_and_yarn/prod-patch-updates-05702d39f2

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

alerting-rules

private-site-ha

dependabot/docker/docker/library/node-25-slim

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4

1.15.4-s.1

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.1-s.1

1.15.2

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

Improvement

Improvement

Improvement

Improvement

Look Into

Security

Security

api

api

authentication

authentication

authentication

authentication

authentication

authentication

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

config

config

config

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

docker

docker

docker

docker

docker

documentation

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

go

go

go

go

go

go

go

go

go

go

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

networking

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

question

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

ui

ui

ui

ui

ui

ui

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

MrUnknownDE

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/pangolin#1395