No rate limit on sending magic link to sign-in in vriteio/vrite
Sep 24th 2023
It was observed that no rate limit is enforced on sending the magic link, which allows an attacker to spam a victim's mailbox with sign-in emails.
Affected URL: https://app.vrite.io/api/v1/auth.sendMagicLink?batch=1
Proof of Concept
1. Visit https://app.vrite.io/auth
2. Select the option "Continue with magic link".
3. Enter the email address, turn on your intercepting proxy, and capture the request while you click "Send magic link".
4. Replay this request multiple times using Intruder.
5. Observe that the mailbox has been spammed.
Video PoC: https://drive.google.com/file/d/1Ej4DoUFeFDUzD5bdhmQ6mpuWDgZMGbw9/view?usp=sharing
Due to the lack of a rate limit, this can be used for an email spam attack, or it may put immense load on the mail server in use and cause additional expenses for the organization. Under certain conditions it may lead to an application-level DoS.
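A mitigation for the issue above, written here as an added example and not Vrite's own code: the magic-link handler is given two independent sliding-window budgets, one per recipient address (so a victim's mailbox cannot be flooded from many source IPs) and one per requesting IP (so a single client cannot exhaust the mail server with many distinct addresses). The names MagicLinkService, SlidingWindowLimiter and sendMagicLink, the chosen limits (3 per address and 10 per IP every 15 minutes), and the injectable clock are assumptions made for illustration.

```typescript
// Added example (not part of the vrite project): per-recipient and per-IP
// rate limiting for a magic-link sign-in endpoint. Limits and names are
// illustrative assumptions.

type Clock = () => number; // milliseconds since epoch; injectable for tests

class SlidingWindowLimiter {
  private hits = new Map<string, number[]>();

  constructor(
    private limit: number,
    private windowMs: number,
    private now: Clock = Date.now,
  ) {}

  /** Records the request and returns true if it fits the budget, false if over limit. */
  allow(key: string): boolean {
    const t = this.now();
    const cutoff = t - this.windowMs;
    // Drop timestamps that have aged out of the window before counting.
    const stamps = (this.hits.get(key) || []).filter((s) => s > cutoff);
    if (stamps.length >= this.limit) {
      this.hits.set(key, stamps);
      return false;
    }
    stamps.push(t);
    this.hits.set(key, stamps);
    return true;
  }
}

interface MagicLinkRequest {
  email: string;
  ip: string;
}

interface MagicLinkResult {
  status: "sent" | "rate_limited";
  retryAfterSec?: number; // surfaced to the client as a Retry-After header
}

class MagicLinkService {
  private static readonly WINDOW_MS = 15 * 60 * 1000;
  private perEmail: SlidingWindowLimiter; // protects the victim's mailbox
  private perIp: SlidingWindowLimiter;    // protects the mail server from one abusive client
  public sent: string[] = [];             // stand-in for the real mailer (constructed)

  constructor(now: Clock = Date.now) {
    this.perEmail = new SlidingWindowLimiter(3, MagicLinkService.WINDOW_MS, now);
    this.perIp = new SlidingWindowLimiter(10, MagicLinkService.WINDOW_MS, now);
  }

  sendMagicLink(req: MagicLinkRequest): MagicLinkResult {
    // Normalize so "Victim@Example.com" and "victim@example.com" share one budget.
    const email = req.email.trim().toLowerCase();
    // Check the IP budget first; a request that passes it but fails the
    // recipient budget still consumes an IP slot, which is the conservative choice.
    if (!this.perIp.allow(req.ip) || !this.perEmail.allow(email)) {
      return { status: "rate_limited", retryAfterSec: MagicLinkService.WINDOW_MS / 1000 };
    }
    this.sent.push(email); // real implementation: enqueue the email here
    return { status: "sent" };
  }
}
```

The handler should map "rate_limited" to HTTP 429 with a Retry-After header; the recipient budget is the one that closes the mailbox-spam scenario from the report, since a single address stays capped no matter how many source IPs the replayed requests come from.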