Authentication failure messages
If an authentication attempt fails, the Automation 360 platform does not specifically state if the username or password is incorrect. It only states that the supplied credentials are incorrect.
This is one critical information security requirement for Automation Anywhere customers and defends the system against a brute force attack.
This authentication involves the following:
- Bot Creator, Bot Runner connection to Control Room
- User log in to the Control Room from the browser
- Connection from the Control Room to the SQL Server
All failed authentication attempts are logged. See Audit logs. Audit Log access is provided as per RBAC and audit logs are made available on a read-only basis for all users.