Nextcloud: No rate limiting on password protected shared file link

ID H1:145462
Type hackerone
Reporter johnd
Modified 2016-06-20T16:03:43


User can share any files with link and can also set password for it but issue is there isn't any rate limting implemented there at this feature. So attacker can bruteforce shared link whereas on the other side victim might be thinking he is safe even he shared private file link in publically.