Nextcloud: BruteForce in to Admin Account

ID H1:188205
Type hackerone
Reporter hackerwahab
Modified 2016-12-04T18:49:18



My self Abdulwahab, I want to Alert You that Your website is Facing a serious Problem Called : Username Enumeration This Problem is on

We Use wpscan to get username

and the username is "frank" After getting username a user can Bruteforce it Using Wpscan and get access to admin panel and upload shell and also get all sub_domain Means Full Server is Hacked!


To Fix this use Wordpress Login Attemptizer

Thanks, ABDULWAHAB, Independent Cyber Security Researcher,