Nextcloud: No Rate Limiting on stats.nextcloud.com login

2016-06-22T09:34:15
ID H1:146424
Type hackerone
Reporter japz
Modified 2016-06-22T11:40:19

Description

There is no defenses or any lockout mechanism on stats.nextcloud.com login , a malicious minded user can continue guessing an account password limitless, and this might cause to completely compromised the site.

Recommendation: Put a rate limit or a any lockout mechanism

Regards Japz