Support Forums - All Posts - XOOPS Web Application System

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

Forum Index

Board index » All Posts (pbssubhash)

Bottom

[Security-Bug]Missing ratelimiting at login panel can result in a brute force

2015/1/11 17:11
pbssubhash
Just popping in
Posts: 1
Since: 2015/1/11

Hey,
I found that there is missing rate-limiting protection at login panel of the Xoops CMS by using which an attacker can guess the passwords using brute force attacks.
I'd be more than happy to provide PoC's for this particular bug.

Thanks.

Topic | Forum

Top

Login

Username

Password

Remember me

Search

Advanced Search

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}

Forum Index

[Security-Bug]Missing ratelimiting at login panel can result in a brute force

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}