Comment 10 for bug 1688137

Samuel de Medeiros Queiroz (samueldmq) wrote : Re: Attacker may use PCI-DSS 8.1.6 and 8.1.7 to lock out users indefinitely

I am working on a patch for this bug and I have a question: is it okay to keep emitting a CADF notification with reason "The account is locked for user: <user_id>"?

I assume it is, since that is not a message for final users (unless there is a system somewhere consuming it and giving it to users, but that is a different conversation and workflow).