7 matches found
BIT-GHOST-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...
Authentication Bypass
ghost is vulnerable Authentication Bypass. The vulnerability is caused due to the misuse of multiple X-Forwarded-For headers with different values, which allows remote attackers to bypass the rate-limit protection mechanism. Note that the project recommends a reverse proxy to prevent this...
CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...
CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...
Account Takeover [namelessmc.com]
Description: 1. Hello team, while i was testing on https://namelessmc.com/login/ i noticed that there is no ratelimit protection on POST login form, so an attacker can takeover the account by brute forcing the password field Steps to reproduce: 1. 1- go to https://namelessmc.com/login/ 2. 2- Ente...
Sifchain: No Rate Limit protection in user subscription form
Summary: Hello I found your form that user can subscribe for any update has no rate limit protection. Step to reproduce 1. Visit http://sifchain.finance and move to subscribe form and enter email 2. click on sign-up button. 3. use burpsuite to intercept the request and send to intruder. 4. Clear...
Unikrn: Rate-limit protection get executed in the last stage of the registration process, allowing enumeration of existing account.
Summary: ====== This may be low risk impact but I need to suggest on improvement on your existing rate-limit protection on the registration page, It is an easy workaround and make the current protection more secure. Description: ======== Unikrn increases the registration security by requiring use...