Nextcloud: No Rate Limiting on login

ID H1:146424
Type hackerone
Reporter japz
Modified 2016-06-22T11:40:19


There is no defenses or any lockout mechanism on login , a malicious minded user can continue guessing an account password limitless, and this might cause to completely compromised the site.

Recommendation: Put a rate limit or a any lockout mechanism

Regards Japz