Localize: No BruteForce Protection

2014-04-17T18:24:14
ID H1:7869
Type hackerone
Reporter robin
Modified 2014-04-22T05:01:18

Description

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.

http://www.localize.io/

This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem.

The impact of this vulnerability:-

An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and symbols until it discovers the one correct combination that works.

How to fix this vulnerability:-

It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.