Brute Force Attack On Log In Panel And User Enumeration #4061
Labels
Bug
For errors / faults / flaws / inconsistencies etc.
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
duplicate
For issues that already existed in our issue tracker and were reported previously.
Major
Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Hello Piwik Security Team
I found two bugs in your web application system.
Brute Force Attack
An attacker can try more than 500 passwords on your forum and developer log in panel to crack a victim's password.
User Enumeration
An attacker can dump all your users' email IDs by a mass brute force attack,
and after that he can leak them out or do whatever.
I created a strong POC for those bugs.
I uploaded both POCs to Dropbox.
You can download the POCs from here:
https://www.dropbox.com/s/6cgn82jfvgyuint/Piwik%20Two%20Vulnerabilities.zip
Keywords: Security Issue