Account Takeover [namelessmc.com] in namelessmc/nameless

Valid

Reported on

Aug 6th 2022


Description:

  1. Hello team, while i was testing on https://namelessmc.com/login/ i noticed that there is no ratelimit protection on POST login form, so an attacker can takeover the account by brute forcing the password field

Steps to reproduce:

  1. 1- go to https://namelessmc.com/login/
  2. 2- Enter username and any password
  3. 3- Capture the request with burpsuite and start bruteforcing with our wordlist

POC Screenshot:

Patch recommendation:

  1. Add ratelimit protecion on POST login endpoints/parameters

Impact

  1. Account takeover
We are processing your report and will contact the namelessmc/nameless team within 24 hours. 2 months ago
We have contacted a member of the namelessmc/nameless team and are waiting to hear back 2 months ago
Sam validated this vulnerability 2 months ago
AGNIHACKERS has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
AGNIHACKERS
2 months ago

Researcher


@maintainer are you happy to assign a CVE? please confirm, then only admin can move further

AGNIHACKERS
2 months ago

Researcher


@Sam waiting for bounty . This is critical vulnerability.

AGNIHACKERS
2 months ago

Researcher


@admin can you pls assign a CVE for this?

Jamie Slome
2 months ago

Admin


Happy to assign a CVE once we get the go-ahead from the maintainer 👍

AGNIHACKERS
2 months ago

Researcher


@maintainer are you happy to assign a CVE ? Please confirm

We have sent a fix follow up to the namelessmc/nameless team. We will try again in 7 days. 2 months ago
AGNIHACKERS
2 months ago

Researcher


@maintainer are you happy to assign a CVE ? Please confirm

Sam
2 months ago

Maintainer


Hi, apologies for the delay.

Yes I am happy to go ahead with assigning a CVE.

Sam confirmed that a fix has been merged on 98fe4b 2 months ago
The fix bounty has been dropped
login.php#L1-L331 has been validated
AGNIHACKERS
2 months ago

Researcher


@admin maintainer as given the permission for assigning CVE. So please assign a CVE for this report

Jamie Slome
2 months ago

Admin


Sorted 👍

AGNIHACKERS
2 months ago

Researcher


@admin waiting for bounty . This is critical vulnerability.

Jamie Slome
2 months ago

Admin


There is no bounty for this report. You should see the potential bounty for a report when you submit it.

to join this conversation