Re: [Security-Bug]Missing ratelimiting at login panel can result in a brute force [Xoops Bug Reports]

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

[Security-Bug]Missing ratelimiting at login panel can result in a brute force

2015/1/11 17:11
pbssubhash
Just popping in
Posts: 1
Since: 2015/1/11

Hey,
I found that there is missing rate-limiting protection at login panel of the Xoops CMS by using which an attacker can guess the passwords using brute force attacks.
I'd be more than happy to provide PoC's for this particular bug.

Thanks.

Re: [Security-Bug]Missing ratelimiting at login panel can result in a brute force

2015/1/11 17:19
Mamba
Moderator
Posts: 11378
Since: 2004/4/23

Thank you very much!

Please send me a Private Message with details.

Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

Login

Username

Password

Remember me

Search

Advanced Search

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Jul 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}

[Security-Bug]Missing ratelimiting at login panel can result in a brute force

Re: [Security-Bug]Missing ratelimiting at login panel can result in a brute force

Login

Search

Recent Posts

Re: xoops_getBaseDomain

xoops_getBaseDomain

Re: Test 3

Test 3

Re: Test2

Re: Test2

Re: Test2

Test2

Re: Xlanguage Module - Default Language Issue

Re: Xlanguage Module - Default Language Issue

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}