xoops forums

pbssubhash

Just popping in
Posted on: 2015/1/11 17:11
pbssubhash
pbssubhash (Show more)
Just popping in
Posts: 1
Since: 2015/1/11
#1

[Security-Bug]Missing ratelimiting at login panel can result in a brute force

Hey,
I found that there is missing rate-limiting protection at login panel of the Xoops CMS by using which an attacker can guess the passwords using brute force attacks.
I'd be more than happy to provide PoC's for this particular bug.

Thanks.

Mamba

Moderator
Posted on: 2015/1/11 17:19
Mamba
Mamba (Show more)
Moderator
Posts: 10770
Since: 2004/4/23
#2

Re: [Security-Bug]Missing ratelimiting at login panel can result in a brute force

Thank you very much!

Please send me a Private Message with details.
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs