Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrMaakthon6369F355-E6EF-4469-AF75-0F6FF00CDE3D
HistoryAug 12, 2022 - 8:03 p.m.

No rate limit on main Login page lead to account takeover

2022-08-1220:03:31
maakthon
www.huntr.dev
46
login page
rate limit
brute force
password policy
weak
bug bounty

EPSS

0.001

Percentile

51.0%

JSON

Hi Team,

Summary:

As a best practice a login page should have a rate limit to avoid any kind of brute force.

Aslo The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character.

Related

osv 2
veracode 1
nvd 1
github 1
prion 1
cvelist 1
cve 1
osv
osv
CVE-2022-2822
2022-08-15 11:21:32
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
veracode
veracode
Privilege Escalation
2022-08-16 05:38:36
nvd
nvd
CVE-2022-2822
2022-08-15 11:21:32
github
github
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
prion
prion
Default credentials
2022-08-15 11:21:00
cvelist
cvelist
CVE-2022-2822 Authentication Bypass by Primary Weakness in octoprint/octoprint
2022-08-15 10:30:17
cve
cve
CVE-2022-2822
2022-08-15 11:21:32

EPSS

0.001

Percentile

51.0%

JSON
Related for 6369F355-E6EF-4469-AF75-0F6FF00CDE3D
osv2veracode1nvd1github1prion1cvelist1cve1