No Captcha or rate limit on Login Page
Unknown
Vulnerability Details
Hello ReddApi Security Team,
#Vulnerability Details:-
Login page can be brute forced due to lack of captcha or backoff
#Impact:-
An attacker can brute-force a particular username and can possibly get an account takeover.
#POC:-
I have made a proof of concept video of the same:- https://www.youtube.com/watch?v=zX0jXkMqiCo
The above video is unlisted.
#Countermeasure:- Implement a Captcha
With Regards
Aditya Agrawal
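The report names two missing controls, a captcha and a backoff. The following is an added example, not code from the report or from ReddApi, showing the backoff half: a login handler that counts failures per account and per source address and applies an exponentially growing lockout, so that guessing slows from "as fast as the server answers" to a handful of attempts per hour. The thresholds, the user store, the salt and the simulated guesses are all constructed for illustration.

```python
"""Login throttle with per-account and per-client exponential backoff (added example)."""
import hashlib
import hmac
from dataclasses import dataclass, field

MAX_FREE_ATTEMPTS = 5      # failures allowed before the first lockout (illustrative)
BASE_LOCKOUT = 30.0        # seconds; doubles with every further failure
MAX_LOCKOUT = 3600.0       # cap so a locked key recovers within an hour
FAILURE_WINDOW = 900.0     # failures older than this no longer count


@dataclass
class _Counter:
    fails: int = 0
    last_fail: float = 0.0
    locked_until: float = 0.0


@dataclass
class LoginThrottle:
    """In-memory throttle state; a real deployment would keep this in a shared store."""
    _keys: dict = field(default_factory=dict)

    def retry_after(self, key: str, now: float) -> float:
        """Seconds `key` must wait before another attempt is accepted (0 = allowed)."""
        c = self._keys.get(key)
        if c is None or now >= c.locked_until:
            return 0.0
        return c.locked_until - now

    def record_failure(self, key: str, now: float) -> float:
        """Count a failed attempt; return the lockout applied (0 if still under the limit)."""
        c = self._keys.setdefault(key, _Counter())
        if now - c.last_fail > FAILURE_WINDOW:
            c.fails = 0                      # stale failures expire
        c.fails += 1
        c.last_fail = now
        if c.fails >= MAX_FREE_ATTEMPTS:
            excess = c.fails - MAX_FREE_ATTEMPTS
            lock = min(BASE_LOCKOUT * (2 ** excess), MAX_LOCKOUT)
            c.locked_until = now + lock
            return lock
        return 0.0

    def record_success(self, key: str) -> None:
        self._keys.pop(key, None)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed demo user store: username -> (salt, pbkdf2 hash). Not a real account.
_SALT = b"demo-salt-not-for-production"
USERS = {"alice": (_SALT, _hash("correct horse battery staple", _SALT))}


def login(throttle: LoginThrottle, username: str, password: str,
          client_ip: str, now: float) -> str:
    """Return 'ok', 'bad_credentials' or 'throttled'."""
    # Throttle on both dimensions: the targeted account and the source address,
    # so neither a single-account attack nor a many-account spray slips through.
    keys = (f"user:{username.lower()}", f"ip:{client_ip}")
    if any(throttle.retry_after(k, now) > 0 for k in keys):
        return "throttled"                   # refuse before touching credentials
    record = USERS.get(username)
    if record is not None:
        salt, stored = record
        if hmac.compare_digest(_hash(password, salt), stored):
            for k in keys:
                throttle.record_success(k)
            return "ok"
    else:
        _hash(password, _SALT)               # same cost for unknown users (no timing oracle)
    for k in keys:
        throttle.record_failure(k, now)
    return "bad_credentials"


def simulate_guessing(n_guesses: int, start: float = 1000.0, spacing: float = 1.0) -> dict:
    """Replay n wrong guesses against 'alice' one second apart; return outcome counts."""
    throttle = LoginThrottle()
    counts = {"ok": 0, "bad_credentials": 0, "throttled": 0}
    for i in range(n_guesses):
        outcome = login(throttle, "alice", f"guess{i}", "203.0.113.7", start + i * spacing)
        counts[outcome] += 1
    return counts


if __name__ == "__main__":
    print(simulate_guessing(20))
```

With these settings only the first five wrong guesses reach the password check; every later guess inside the lockout is rejected without a hash computation, and each further failure after the window doubles the wait up to the one-hour cap. The same check points are where a captcha challenge would be inserted once a key approaches its limit, so the two countermeasures share one counter.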
Report Stats
- Report ID: 6697
- State: Closed
- Substate: resolved
- Upvotes: 5