We have enter wrong password 25 times, but kibana is still able to login the user. Is there any configuration to block user if user enter wrong password multiple times?
Which security realm are you using? Afaik the local user database has no feature to block users after entering wrong password multiple times. Try using ldap, ad or saml.
Also external services should use technical users and tokens to access Jenkins and not passwords.