WB-D-1 — Brute-force WebAuthn login to trigger lockout for legitimate users

Component: Wallet Backend.

Mitigations: Sliding window rate limit: 10 attempts/60 s, 300 s lockout; failed attempts cost 2 tokens.

Action: None required.

| Property | Value |
|---|---|
| Section | Denial of Service |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-HARD-02 | Input Validation and Injection Prevention |

Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md