1623

Issue:

User keyfile is not locked after exceeding the maximum number of failed pre-boot logon attempts.

Symptom:

If the end user performs a physical forced shut down of the device (e.g. pressing and holding the power button), SecureDoc fails to properly track the failed login attempts. This behavior is not seen when the end user does a soft reboot of the device (e.g. CTRL ALT DEL).

In some rare case scenarios:  
End user press Ctrl+Alt+Del, and released the Ctrl and Alt buttons but still holds down the DEL key, a series of  “###” symbol appears at the black screen during the reboot.
If this happens, SD also fails to count the login attempts

Probable Causes:

If the SUSAM mode is enabled then it will fail to log the number of attempts at boot logons should the end-user performs a physical shutdown of the device rather than doing a soft reboot.

Product version affected:

SD versions 6.5 and 7.1 SR1 (Reported to failed in PBL and PBU but not PBLU)
 
Environment (OS/hardware/software):

Device: Legacy and UEFI
Windows 7 OS 64 bits
Using Non-admin account

Limitation:

If SUSAM is enabled then it will fail to track the number of attempts at boot logons should the end-user do a physical shutdown of the device. However, if the end user does a grace reboot of CTRL ALT DEL then it counts and logs the fail login password attempts.

Workaround:

The current configuration of the maximum login attempts is not working as expected in 7.1SR1.
In the interim, please disable SUSAM in the profile.

NOTE: If SUSAM feature is required for SD to work on some devices, then a permanent solution is still pending.  

Resolution:

This fix will be resolve in future version of SD.

Internal Reference:

SD-16918