⌘Ctrlk

Introduction
- Automation
- Python
- 🌐APPLICATION LEVEL
  🔒AUTHENTICATION
  Authentication Bypass
  Lack of Password Confirmation
  2FA Code Brute-forceable
  Lack of Verification
  Lack of Throttling on Form Submissions
  Lack of Rate Limiting on Login
  Weak Password Complexity Rules
  🖥️SESSION MANAGEMENT
  🔑ACCESS CONTROL
  🔢INPUT VALIDATION
  ➗CRYPTOGRAPHY
  📉LOGGING
  📕DATA PROTECTION
  📲COMMUNICATION
  👨‍💻MALICIOUS CODE
  💡LOGIC
  🗄️FILE UPLOAD
  ⚙️API ISSUES
  🔍CONFIGURATIONS
- 💾INFRASTRUCTURE LEVEL

Powered by GitBook

For the complete documentation index, see llms.txt. This page is also available as Markdown.

🐞Vulnerability Wiki
🌐APPLICATION LEVEL
🔒AUTHENTICATION

2FA Code Brute-forceable

Severity:

Low

How to test:

Submit invalid account credentials and a valid captcha on the login form.
Capture the request with a proxy. It can be submitted multiple times and with different authentication data.

PreviousLack of Password Confirmation NextLack of Verification

Last updated 3 years ago

Severity:
How to test: