2FA Code Brute-forceable

Severity:

Low

How to test:

Submit invalid account credentials and a valid captcha on the login form.
Capture the request with a proxy. It can be submitted multiple times and with different authentication data.

PreviousLack of Password Confirmation NextLack of Verification

Last updated 3 years ago