000022490 - RSA ACE/Server users' tokens are disabled after 3 bad login attempts

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 4

Article Content

Article Number: 000022490
Applies To: RSA ACE/Server
RSA Authentication Manager 6.x
UNIX (AIX, HP-UX, Solaris)
Microsoft Windows
Issue: RSA ACE/Server users' tokens are disabled after 3 bad login attempts
Error: Good Tokencode/Bad PIN Detected

Evasion-of-Attack Feature

Event detected: Three incorrect PASSCODEs composed of an invalid PIN but valid SecurID Tokencode.

RSA ACE/Server response: Assumes that an unauthorized person has the token and is guessing PINs and disables the token immediately.

NOTE: This is 'Function As Designed'; RSA Security, Inc. does not supply a method for Administrators to modify this setting.

Resolution: It is possible that the user forgot their PIN or may be using a correct PIN for a different token (e.g. using the wrong key to open this lock). The following steps will help correct this issue:

1. Check that the user is using the token whose serial number is assigned to the account they are logging in with.

2. Clear the PIN for this token and explain the PIN parameters (see the solution regarding How to specify whether the System or the Users will create PINs; How to disallow users to select computer generated PINs for more information).

3. With the log monitor running, have the user attempt to authenticate again, assigning themselves a new PIN.

NOTE: If you receive "Good Tokencode/bad PIN detected" only one time and then receive the message "Token disabled, suspect stolen" in your log, you should look at Error: 'Token disabled suspect stolen' after only one 'Good tokencode/bad PIN detected'.
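
A log-triage example for step 3 and the NOTE above, added here and not RSA's own code: it counts "Good Tokencode/Bad PIN Detected" entries per user ahead of a "Token disabled, suspect stolen" entry and separates the as-designed case (three) from the single-event case the NOTE describes. The line layout (date, time, user, message), the function names and the sample lines are constructed assumptions; only the two message texts come from this article.

```python
import re
from collections import defaultdict

# Message texts as quoted in this article (matched case-insensitively,
# ignoring commas and extra spaces).
BAD_PIN = "good tokencode/bad pin detected"
DISABLED = "token disabled suspect stolen"
THRESHOLD = 3  # the article's documented count of bad-PIN passcodes

# ASSUMPTION: "<date> <time> <user> <message>" is a constructed layout,
# not the real ACE/Server log format; adjust the regex to your log export.
LINE_RE = re.compile(r"^\S+ \S+ (\S+) (.+)$")

# Constructed sample lines (not real log output).
SAMPLE_LOG = [
    "2017-04-21 09:00:01 alice Good Tokencode/Bad PIN Detected",
    "2017-04-21 09:00:40 alice Good Tokencode/Bad PIN Detected",
    "2017-04-21 09:01:15 alice Good Tokencode/Bad PIN Detected",
    "2017-04-21 09:01:15 alice Token disabled, suspect stolen",
    "2017-04-21 09:05:02 bob Good Tokencode/bad PIN detected",
    "2017-04-21 09:05:02 bob Token disabled, suspect stolen",
    "2017-04-21 09:07:30 carol Good Tokencode/Bad PIN Detected",
]

def normalize(msg):
    """Lower-case and collapse commas/whitespace so message variants compare equal."""
    return re.sub(r"[,\s]+", " ", msg.lower()).strip()

def triage(lines):
    """Map each user whose token was disabled to (bad_pin_count, verdict)."""
    bad_pin = defaultdict(int)
    verdicts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        user, msg = m.group(1), normalize(m.group(2))
        if BAD_PIN in msg:
            bad_pin[user] += 1
        elif DISABLED in msg:
            n = bad_pin.pop(user, 0)
            if n >= THRESHOLD:
                verdict = "as-designed"    # evasion-of-attack behaviour
            elif n == 1:
                verdict = "early-disable"  # the case the NOTE refers to
            else:
                verdict = "review"         # count fits neither case
            verdicts[user] = (n, verdict)
    return verdicts
```

Users with bad-PIN entries but no disable entry (carol in the sample) are left out of the result, since their token is still enabled.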
Legacy Article ID: a20593