No Rate Limiting on stats.nextcloud.com login

Disclosed: 2016-06-22 11:40:19 By japz To nextcloud
Unknown
Vulnerability Details
There are no defenses or any lockout mechanism on the stats.nextcloud.com login. A malicious-minded user can continue guessing an account password limitlessly, and this might cause the site to be completely compromised.

__Recommendation: Put a rate limit or any lockout mechanism__

Regards,
Japz
Report Stats
  • Report ID: 146424
  • State: Closed
  • Substate: informative
  • Upvotes: 11