Authentication failure messages
If an authentication attempt fails, the Automation Anywhere Enterprise platform does not specifically state if the username or password is incorrect. It only states that the supplied credentials are incorrect.
This is one critical information security requirement for Automation Anywhere Enterprise customers and defends the system against a brute force attack.
This authentication involves the following:
- Bot Creator, Bot Runner connection to Control Room
- User log in to the Control Room from the browser
- Connection from the Control Room to the SQL Server
All failed authentication attempts are logged. See Audit Logs for authorized user activity. Audit log access is provided as per Role-Based Access Control (RBAC) and Audit logs are made available on a read-only basis for all users.