vulnerability lack of rate limiting
severity 3.7
language typescript
registry other


Lack of rate limiting on the login page of traduora.

Proof of Concept

  • Clone the GitHub repo.
  • Set up the traduora platform to reproduce the vulnerability.
  • I used Intruder in Burp Suite to test for rate limiting on the password field.
  • With the normal Intruder settings it shows status code 429, i.e. a rate-limit function is there.
  • To bypass it, use Intruder with throttle above 700 and 100+ threads; for a wrong password it shows a 401 error, and if the right password comes it shows a 200 error.

[Image: POC of error]
[Image: POC of bypassing rate limiting]


An attacker can brute-force the login and gain access to a victim's account.
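Added example, not traduora's code: a minimal fixed-window request limiter beside a per-account failed-login limiter, with a constructed simulation showing why spacing requests out (as the report's throttle setting does) defeats the first but not the second. Class names, limits and the simulated account are assumptions of this example.

```typescript
type Decision = "allow" | "limited";

// Burst limiter (assumed shape): at most `max` requests per `windowMs` per client key.
// Requests spaced wider than windowMs/max never trip it, so a slow, patient
// guessing loop passes straight through.
class FixedWindowLimiter {
  private buckets = new Map<string, { start: number; count: number }>();
  constructor(private max: number, private windowMs: number) {}
  check(key: string, now: number): Decision {
    const b = this.buckets.get(key);
    if (!b || now - b.start >= this.windowMs) {
      this.buckets.set(key, { start: now, count: 1 });
      return "allow";
    }
    b.count += 1;
    return b.count > this.max ? "limited" : "allow";
  }
}

// Failed-login limiter keyed on the target account: counts failures over a long
// window and locks the account for `lockMs` after `maxFailures`. Slowing down or
// spreading requests across clients does not help, because the counter follows
// the account rather than the requester.
class FailedLoginLimiter {
  private failures = new Map<string, number[]>();
  private lockedUntil = new Map<string, number>();
  constructor(private maxFailures: number, private windowMs: number, private lockMs: number) {}
  check(account: string, now: number): Decision {
    return now < (this.lockedUntil.get(account) ?? 0) ? "limited" : "allow";
  }
  recordFailure(account: string, now: number): void {
    const recent = (this.failures.get(account) ?? []).filter(t => now - t < this.windowMs);
    recent.push(now);
    this.failures.set(account, recent);
    if (recent.length >= this.maxFailures) {
      this.lockedUntil.set(account, now + this.lockMs);
      this.failures.set(account, []);
    }
  }
}

// Constructed simulation: one client sends `attempts` wrong passwords for one
// account, `intervalMs` apart. Returns how many guesses each limiter let reach
// the password check.
function simulate(attempts: number, intervalMs: number): { burstLimiterAllowed: number; accountLimiterAllowed: number } {
  const burst = new FixedWindowLimiter(10, 1_000);              // 10 requests/s per client
  const account = new FailedLoginLimiter(5, 900_000, 900_000);  // 5 failures per 15 min, 15 min lock
  let burstAllowed = 0, accountAllowed = 0;
  for (let i = 0; i < attempts; i++) {
    const now = i * intervalMs;
    if (burst.check("client-ip", now) === "allow") burstAllowed++;
    if (account.check("victim", now) === "allow") { accountAllowed++; account.recordFailure("victim", now); }
  }
  return { burstLimiterAllowed: burstAllowed, accountLimiterAllowed: accountAllowed };
}
```

With 100 guesses sent back to back the burst limiter passes 10, but at 700 ms spacing it passes all 100; the account-keyed limiter passes 5 in both cases.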