Nextcloud: Bruteforce in admin panel

2018-04-20T12:29:20
ID H1:341074
Type hackerone
Reporter shawalkhan
Modified 2020-01-31T14:19:03

Description

Hello there, Admin panel of your website (https://nextcloud.com/wp-login.php) is vulnerable to bruteforce attacks as their is no rate-limiting.

Impact

Can gain access to admin panel. To fix this, Just add rate limiting.