1
pbssubhash
[Security-Bug]Missing ratelimiting at login panel can result in a brute force
  • 2015/1/11 17:11

  • pbssubhash

  • Just popping in

  • Posts: 1

  • Since: 2015/1/11


Hey,
I found that there is missing rate-limiting protection at login panel of the Xoops CMS by using which an attacker can guess the passwords using brute force attacks.
I'd be more than happy to provide PoC's for this particular bug.

Thanks.




TopTop



Login

Who's Online

155 user(s) are online (106 user(s) are browsing Support Forums)


Members: 0


Guests: 155


more...

Donat-O-Meter

Stats
Goal: AU$15.00
Due Date: Jul 31
Gross Amount: AU$0.00
Net Balance: AU$0.00
Left to go: AU$15.00
Make donations with PayPal!

Latest GitHub Commits