Results 3 issues of butt0n

The "Lost Password" page returns "The email address you supplied is not registered on the system" when an email address that is not registered is entered into the form. This...

### Description

[CWE-307: Improper Restriction of Excessive Authentication Attempts](https://cwe.mitre.org/data/definitions/307.html)

An attacker can easily utilize `Plogin` to ***Brute Force*** a valid user's passwords.

### Details

The `Plogin` function in `sb-callback.php` is...

### Description

[CWE-288: Authentication Bypass Using an Alternate Path or Channel](https://cwe.mitre.org/data/definitions/288.html)

An attacker can bypass Steam's OpenID authentication on installations that have disabled "Normal Login".

### Details

The `Plogin` function...