Improper Restriction of Excessive Authentication Attempts in polonel/trudesk
Valid
Reported on Jul 29th 2021
1) Go to https://docker.trudesk.io/
2) Enter the username and password
3) Capture the request and start bruteforcing the password
IMPACT:
Account takeover
We have contacted a member of the polonel/trudesk team and are waiting to hear back
a year ago
The researcher's credibility has increased: +7
This has been fixed in v1.2.2. I will update this report once released.
We have sent a fix follow up to the polonel/trudesk team.
We will try again in 7 days.
2 months ago
Chris Brame has been awarded the fix bounty
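The weakness reported above is a login endpoint that accepts an unlimited number of password guesses. As an added example (not code from this report or from the trudesk project, and not the v1.2.2 fix), here is one way to bound failed attempts per account and per client IP in JavaScript; `LoginThrottle`, `attemptLogin`, `checkPassword` and the thresholds are hypothetical names and values.

```javascript
// Added example: failed-login throttle keyed by account and by client IP.
// Hypothetical names and limits; state is in-memory, so a multi-process
// deployment would need a shared store with expiry instead of this Map.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60e3, lockMs = 15 * 60e3, now = Date.now } = {}) {
    Object.assign(this, { maxFailures, windowMs, lockMs, now });
    this.entries = new Map(); // key -> { failures: [timestamps], lockedUntil }
  }
  _entry(key) {
    let e = this.entries.get(key);
    if (!e) { e = { failures: [], lockedUntil: 0 }; this.entries.set(key, e); }
    const cutoff = this.now() - this.windowMs;
    e.failures = e.failures.filter((t) => t > cutoff); // sliding window
    return e;
  }
  // Normalise the username so "Alice " and "alice" share one counter.
  keys(username, ip) {
    return [`user:${String(username).trim().toLowerCase()}`, `ip:${ip}`];
  }
  // Milliseconds the caller must wait before the next attempt; 0 = allowed.
  retryAfter(username, ip) {
    const t = this.now();
    return Math.max(0, ...this.keys(username, ip).map((k) => this._entry(k).lockedUntil - t));
  }
  recordFailure(username, ip) {
    const t = this.now();
    for (const k of this.keys(username, ip)) {
      const e = this._entry(k);
      e.failures.push(t);
      if (e.failures.length >= this.maxFailures) { e.lockedUntil = t + this.lockMs; e.failures = []; }
    }
  }
  // Only the account counter is cleared; the IP counter keeps its history.
  recordSuccess(username) { this.entries.delete(this.keys(username, '')[0]); }
}

// checkPassword(username, password) stands in for real credential verification.
function attemptLogin(throttle, checkPassword, username, password, ip) {
  // Check the lock BEFORE verifying, so guesses made during a lock reveal nothing.
  const wait = throttle.retryAfter(username, ip);
  if (wait > 0) return { status: 429, retryAfterSec: Math.ceil(wait / 1000) };
  if (!checkPassword(username, password)) {
    throttle.recordFailure(username, ip);
    return { status: 401 };
  }
  throttle.recordSuccess(username);
  return { status: 200 };
}
```

Locking by account stops guessing spread across many source addresses, at the cost that a third party can lock a known username out for `lockMs`; the per-IP counter covers one source trying many usernames.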