lin-cms-flask

Login brute force Vulnerability in Latest Release

Open HatBoy opened this issue 6 years ago • 2 comments

Hi, I would like to report login brute force vulnerability in latest release.

Description: Login brute force vulnerability at line 43 of app/api/cms/user.py, in the login() function. The number of login attempts is not limited and no verification code is set, which allows the username and password to be brute-forced, like this: 1 author by [email protected]

HatBoy, Mar 14 '19 13:03
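
One way to add the attempt limit the report says is missing, as an added example that is not lin-cms-flask's code or its fix: a sliding-window cap on failed logins, keyed by username and by client IP. `LoginThrottle`, `guarded_login` and `check_credentials` are hypothetical names, and the thresholds are illustrative.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window cap on failed logins, tracked per username and per client IP."""

    def __init__(self, max_failures=5, window=300.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock  # injectable so the window can be tested without sleeping
        # In-process state only; a multi-worker deployment needs a shared store with expiry.
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _keys(self, username, ip):
        # Assumption: usernames are case-insensitive, so "Alice" and "alice" share a counter.
        return (("user", username.lower()), ("ip", ip))

    def _recent(self, key):
        q = self._failures[key]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:  # drop failures that have aged out of the window
            q.popleft()
        return q

    def retry_after(self, username, ip):
        """Seconds until another attempt is allowed; 0.0 means allowed now."""
        wait = 0.0
        for key in self._keys(username, ip):
            q = self._recent(key)
            if len(q) >= self.max_failures:
                wait = max(wait, q[0] + self.window - self.clock())
        return wait

    def record_failure(self, username, ip):
        for key in self._keys(username, ip):
            self._recent(key).append(self.clock())

    def record_success(self, username, ip):
        # Reset only the per-user counter; the per-IP counter still limits password spraying.
        self._failures.pop(("user", username.lower()), None)


def guarded_login(throttle, check_credentials, username, password, ip):
    """Returns (http_status, retry_after_seconds); check_credentials is a stand-in verifier."""
    wait = throttle.retry_after(username, ip)
    if wait > 0:
        return 429, wait  # refused before the password is checked, even if it is correct
    if check_credentials(username, password):
        throttle.record_success(username, ip)
        return 200, 0.0
    throttle.record_failure(username, ip)
    return 401, 0.0
```

Keying on the username alone lets anyone lock a known account out, so the per-user limit is usually paired with a verification code or a short lockout window rather than a permanent lock.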

Thanks for your advice. We will deal with this bug in the next release.

colorful3, Mar 14 '19 14:03

Hi @colorful3 @HatBoy, was this issue fixed? If so, in what commit and what tag/version? Thanks!

OS-WS, Aug 17 '21 08:08