
Brute Force Attack On Log In Panel And User Enumeration #4061

Closed
anonymous-matomo-user opened this issue Jul 26, 2013 · 2 comments
Labels
Bug For errors / faults / flaws / inconsistencies etc. c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. duplicate For issues that already existed in our issue tracker and were reported previously. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.

Comments

@anonymous-matomo-user

Hello Piwik Security Team,
I found two bugs in your web application system:

  1. brute force attack (password list attack)
  2. user enumeration

Brute Force Attack
An attacker can try more than 500 passwords on your forum and developer log-in panel to crack a victim's password.

User Enumeration
An attacker can dump all your user email IDs by a mass brute force attack,
and after that he can leak them out or do whatever.

I created a strong POC for these bugs.

I uploaded both POCs to Dropbox.
You can download all the POCs from here:

https://www.dropbox.com/s/6cgn82jfvgyuint/Piwik%20Two%20Vulnerabilities.zip
Keywords: Security Issue

@anonymous-matomo-user
Author

I am unable to upload the POC here because the file size limit is only 3 MB and my POC is more than 7 MB, so I uploaded all the POCs on DropBox.com, and I also mentioned the Dropbox link so you can download all the POCs from here:
https://www.dropbox.com/s/6cgn82jfvgyuint/Piwik%20Two%20Vulnerabilities.zip

@mattab
Member

mattab commented Jul 29, 2013

See duplicate #2888

This issue was closed.