XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. Xoops Development / 
  3. Xoops Bug Reports 
  4.  / [Security-Bug]Missing ratelimiting at login panel can result in a brute force
Register
1
pbssubhash
[Security-Bug]Missing ratelimiting at login panel can result in a brute force

  • 2015/1/11 17:11

  • pbssubhash

  • Just popping in

  • Posts: 1

  • Since: 2015/1/11


Hey,
I found that there is missing rate-limiting protection at login panel of the Xoops CMS by using which an attacker can guess the passwords using brute force attacks.
I'd be more than happy to provide PoC's for this particular bug.

Thanks.
2
Mamba
Re: [Security-Bug]Missing ratelimiting at login panel can result in a brute force

  • 2015/1/11 17:19

  • Mamba

  • Moderator

  • Posts: 11412

  • Since: 2004/4/23


Thank you very much!

Please send me a Private Message with details.
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

178 user(s) are online (143 user(s) are browsing Support Forums)

Members: 0

Guests: 178

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits