@anonymous-matomo-user opened this Issue on July 26th 2013

Hello Piwik Security Team
I found two bugs in your web application system

  1. Brute force attack (password list attack)
  2. User enumeration

Brute Force Attack
An attacker can try more than 500 passwords on your forum and developer login panel to crack a victim's password.

User Enumeration
An attacker can dump all your users' email IDs by a mass brute force attack,
and after that he can leak them out or do whatever.

I created a strong POC for those bugs.

I uploaded both POCs to Dropbox.
You can download all the POCs from here:

https://www.dropbox.com/s/6cgn82jfvgyuint/Piwik%20Two%20Vulnerabilities.zip
Keywords: Security Issue

@anonymous-matomo-user commented on July 26th 2013

I am unable to upload the POC here because the file size limit is only 3 MB and my POC size is more than 7 MB, so I uploaded all the POCs to DropBox.com, and I also mention the Dropbox link so you can download all the POCs from here:
https://www.dropbox.com/s/6cgn82jfvgyuint/Piwik%20Two%20Vulnerabilities.zip

@mattab commented on July 29th 2013 Member

See duplicate #2888

This Issue was closed on July 29th 2013