[Security-Bug]Missing ratelimiting at login panel can result in a brute force [Xoops Bug Reports]

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

[Security-Bug]Missing ratelimiting at login panel can result in a brute force

2015/1/11 17:11
pbssubhash
Just popping in
Posts: 1
Since: 2015/1/11

Hey,
I found that there is missing rate-limiting protection at login panel of the Xoops CMS by using which an attacker can guess the passwords using brute force attacks.
I'd be more than happy to provide PoC's for this particular bug.

Thanks.

Re: [Security-Bug]Missing ratelimiting at login panel can result in a brute force

2015/1/11 17:19
Mamba
Moderator
Posts: 11366
Since: 2004/4/23

Thank you very much!

Please send me a Private Message with details.

Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

Login

Username

Password

Remember me

Search

Advanced Search

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}

[Security-Bug]Missing ratelimiting at login panel can result in a brute force

Re: [Security-Bug]Missing ratelimiting at login panel can result in a brute force

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}