
Improper Restriction of Excessive Authentication Attempts

Open melbinkm opened this issue 3 years ago • 2 comments

The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute-force attacks.

Tested the login function with 100+ wrong passwords and found that there is no restriction implemented to control excessive authentication attempts. A POST request with wrong credentials results in a 200 and with correct credentials in a 302 response from the server.

Brute Force Attack

The above screenshot shows the test using the BurpSuite Intruder tool.

melbinkm avatar Sep 02 '21 04:09 melbinkm
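One way to add the missing restriction described in the report: count failed logins per (username, client IP) inside a sliding window and lock that key out once a threshold is reached, rejecting even a correct password while the lockout is active. This is an added illustration, not flatpress code; the thresholds, the `clock` parameter and the `attempt()` signature are assumptions.

```python
"""Failed-login throttle: a mitigation for missing restriction of
excessive authentication attempts (CWE-307). Added example, not flatpress code."""
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Track failed attempts per (username, client IP) and lock the key out
    once `max_failures` occur inside `window_s` seconds. A correct password
    during the lockout is still rejected, so the attacker learns nothing
    from the guess that happens to be right."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.clock = clock                  # injectable for deterministic tests
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time the lockout ends

    def _prune(self, key, now):
        # Drop failures that fell out of the sliding window.
        q = self._failures[key]
        while q and now - q[0] > self.window_s:
            q.popleft()

    def is_locked(self, key):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            del self._locked_until[key]      # lockout expired
            return False
        return True

    def attempt(self, username, ip, password_ok):
        """Return (allowed, reason). Call after verifying the password but
        before issuing a session so a locked key never gets a 302."""
        key = (username, ip)
        now = self.clock()
        if self.is_locked(key):
            return False, "locked"
        if password_ok:
            self._failures.pop(key, None)    # success resets the counter
            return True, "ok"
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_s
            self._failures.pop(key, None)
            return False, "locked"
        return False, "bad_password"
```

Keying on (username, IP) alone is evaded by rotating source addresses, so a deployment would pair it with a per-username counter and log every "locked" result for detection.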

Thank you very much for testing and reporting this. We will create a fix asap.

azett avatar Sep 13 '21 18:09 azett