Description
The trudesk application accepts a very long password (10000000 characters), which makes it possible to cause a denial of service on the server. This may lead to the website becoming unavailable or unresponsive. Usually, this problem is caused by a vulnerable password hashing implementation. When a long password is sent, the password hashing process results in CPU and memory exhaustion.
1. Go to https://docker.trudesk.io/profile and paste the payload in the Password parameter.
2. Copy the payload from this link: https://drive.google.com/file/d/1E3iqSQE4-t4dXpWQrDPHY7OcspHxYvYE/view?usp=sharing and paste it into the Password parameter.
3. You will see that the application allows the long password; this can lead to DoS and can be exploited as DDoS.
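A server-side length cap applied before hashing addresses the issue described above. The following is an added example, not trudesk's own code; the limits, the function names and the use of Node's built-in scrypt as the hash are assumptions for illustration.

```javascript
// Added example: bound password size before the hash function ever runs.
const crypto = require('node:crypto');

const MIN_PASSWORD_CHARS = 8;   // assumed policy value
const MAX_PASSWORD_BYTES = 128; // assumed policy value

let hashCalls = 0; // how many times the expensive KDF actually ran

function validatePassword(password) {
  if (typeof password !== 'string') {
    return { ok: false, status: 400, error: 'password must be a string' };
  }
  // O(1) check first, so a multi-megabyte value is rejected without being scanned.
  if (password.length > MAX_PASSWORD_BYTES) {
    return { ok: false, status: 400, error: 'password too long' };
  }
  // Multi-byte characters can still exceed the byte budget the hash will see.
  if (Buffer.byteLength(password, 'utf8') > MAX_PASSWORD_BYTES) {
    return { ok: false, status: 400, error: 'password too long' };
  }
  if (password.length < MIN_PASSWORD_CHARS) {
    return { ok: false, status: 400, error: 'password too short' };
  }
  return { ok: true };
}

function hashPassword(password) {
  const check = validatePassword(password);
  if (!check.ok) return check; // rejected input never reaches the KDF
  hashCalls += 1;
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return { ok: true, hash: `scrypt$${salt.toString('hex')}$${key.toString('hex')}` };
}

function getHashCalls() { return hashCalls; }
```

The same limit belongs on every endpoint that hashes a password (profile update, login, reset), together with a request body size limit so an oversized value is refused before it is parsed.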