we running SDM 12.7 and we have shared access to SDM to specified contractors over internet,
so I'm worry is there any protection against brute force (password enumeration)?
Also SDM have different AHD errors for invalid login and invalid password, this makes bruteforcing much easier for malefactor.
Another question is Web Services (AXIS), where is a lot of data published in free access and could be potential security leak.
For example here: