Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrMaakthon6369F355-E6EF-4469-AF75-0F6FF00CDE3D
HistoryAug 12, 2022 - 8:03 p.m.

No rate limit on main Login page lead to account takeover

2022-08-1220:03:31
maakthon
www.huntr.dev
41

0.001 Low

EPSS

Percentile

51.1%

JSON

Hi Team,

Summary:

As a best practice a login page should have a rate limit to avoid any kind of brute force.

Aslo The password policy used in the account creation and password change pages is weak, allowing to set a password of only 1 character.

Related

veracode 1
osv 2
github 1
nvd 1
prion 1
cve 1
cvelist 1
veracode
veracode
Privilege Escalation
2022-08-16 05:38:36
osv
osv
CVE-2022-2822
2022-08-15 11:21:32
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
github
github
OctoPrint does not have rate limiting on the login page
2022-08-16 00:00:31
nvd
nvd
CVE-2022-2822
2022-08-15 11:21:32
prion
prion
Default credentials
2022-08-15 11:21:00
cve
cve
CVE-2022-2822
2022-08-15 11:21:32
cvelist
cvelist
CVE-2022-2822 Authentication Bypass by Primary Weakness in octoprint/octoprint
2022-08-15 10:30:17

0.001 Low

EPSS

Percentile

51.1%

JSON
Related for 6369F355-E6EF-4469-AF75-0F6FF00CDE3D
veracode1osv2github1nvd1prion1cve1cvelist1