The login of Hot or Not is vulnerable to brute force.
High
Vulnerability Details
I was able to validate that the login of Hot or Not is vulnerable to brute forcing.
Steps to reproduce:
1. https://hotornot.com/signin
2. Use a Burp Intruder attack for brute forcing.
3. Send as many requests as you want.
Fix:
Proper mitigation of brute forcing should be done using a rate limiting etc. implementation.
## Impact
If an attacker successfully brute forces, he/she might take it over, which might lead to a violation of users' privacy.
Report Stats
- Report ID: 744692
- State: Closed
- Substate: resolved
- Upvotes: 58
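
One way to implement the rate limiting named under "Fix", shown as an added example that is not part of the original report and not the site's own code. The class name `LoginThrottle`, the thresholds and the sample addresses are assumptions chosen for illustration.

```python
import time
from collections import deque


class LoginThrottle:
    """Sliding-window limit on failed sign-ins (hypothetical helper).

    Failures are counted per account and per client address, so neither one
    address trying many passwords nor many addresses trying one account
    gets an unlimited number of guesses.
    """

    def __init__(self, max_failures=5, window=300.0, clock=time.monotonic):
        self.max_failures = max_failures  # assumed policy value
        self.window = window              # seconds, assumed policy value
        self.clock = clock                # injectable so tests control time
        self._failures = {}

    def _keys(self, account, client_ip):
        # Normalise so "Alice " and "alice" share one counter.
        return ("acct", account.strip().lower()), ("ip", client_ip)

    def _live(self, key, now):
        q = self._failures.get(key)
        while q and now - q[0] >= self.window:
            q.popleft()                   # failure aged out of the window
        if not q:
            self._failures.pop(key, None)  # do not keep empty counters
            return ()
        return q

    def retry_after(self, account, client_ip):
        """Seconds until the next attempt is allowed; 0.0 means go ahead."""
        now, wait = self.clock(), 0.0
        for key in self._keys(account, client_ip):
            q = self._live(key, now)
            if len(q) >= self.max_failures:
                # This entry must expire before the count drops below the cap.
                unblock = q[len(q) - self.max_failures] + self.window
                wait = max(wait, unblock - now)
        return wait

    def record(self, account, client_ip, success):
        acct_key, ip_key = self._keys(account, client_ip)
        if success:
            # Reset only the account counter; a valid login for one account
            # must not wipe the history of the address it came from.
            self._failures.pop(acct_key, None)
            return
        for key in (acct_key, ip_key):
            self._failures.setdefault(key, deque()).append(self.clock())
```

Call `retry_after` before checking the password and reject the request while it is non-zero, then call `record` with the outcome. A per-account counter lets anyone temporarily lock out a known username, so it is usually paired with a CAPTCHA or second factor rather than a hard block.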