Sourceforge Brute Force Attack Vulnerability
I want to share my finding, the "Sourceforge Brute Force" attack on Sourceforge.com, which I reported to the Source Forge Security Team on 25th October 2013.
While downloading a project, I thought that I should test the login panel for brute force attack vulnerability on https://sourceforge.net/account/login.php
After some analysis, I found that there was no protection against repeated login attempts, or you can say against brute force attack.
So I tested the Source Forge login panel and found something interesting. In my test I tried 100-something attempts with my account bhati.contact@gmail.com
Here you can see that all invalid attempts came back with a 200 response code, as a normal web application behaves :-)
And here you can see the difference: attempt no. 104, the only valid login attempt, came back with a 302 response code with session cookie values.
So, as you saw, we do not need to perform any bypassing technique, because there is no security deployed which we have to bypass.
Simple and sweet attack :-)
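From the defender's side, the 200-versus-302 pattern described above is easy to spot in web server logs. The following is an added example, not code from the original post or from SourceForge: it flags a client whose consecutive failed logins reach a threshold and any success that follows such a streak. The log format, the threshold, the IP addresses, and the function names `detect_bruteforce` and `build_sample` are assumptions.

```python
import re
from collections import defaultdict

LOGIN_PATH = "/account/login.php"
# Assumed combined-log-style format: ip - - [timestamp] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def detect_bruteforce(lines, threshold=20):
    """Return findings for clients whose failed-login streak reaches threshold.

    Assumption taken from the post: a failed login answers 200, a valid one 302.
    """
    streak = defaultdict(int)  # consecutive failed logins per client IP
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        ip, status = m["ip"], m["status"]
        if status == "200":
            streak[ip] += 1
            if streak[ip] == threshold:  # alert once, when the streak crosses the line
                findings.append({"ip": ip, "event": "failed_streak", "failures": threshold})
        elif status == "302":
            if streak[ip] >= threshold:  # a success right after a long streak is the critical event
                findings.append({"ip": ip, "event": "success_after_failures",
                                 "failures": streak[ip]})
            streak[ip] = 0
    return findings

def build_sample():
    """Constructed log: 103 failures then one success from one client, plus one ordinary user."""
    fmt = '{ip} - - [01/Jan/2024:10:{m:02d}:{s:02d} +0000] "POST /account/login.php HTTP/1.1" {st} 512'
    lines = [fmt.format(ip="198.51.100.7", m=i // 60, s=i % 60, st=200) for i in range(103)]
    lines.append(fmt.format(ip="198.51.100.7", m=2, s=0, st=302))
    # An ordinary user who mistypes once and then logs in; should not be flagged.
    lines.insert(50, fmt.format(ip="203.0.113.9", m=0, s=50, st=200))
    lines.insert(52, fmt.format(ip="203.0.113.9", m=0, s=52, st=302))
    return lines

if __name__ == "__main__":
    for finding in detect_bruteforce(build_sample()):
        print(finding)
```

The same per-client counter, enforced at login time instead of read back from logs, is the missing control the post describes.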
Comments Are Always Welcome