Improper Restriction of Excessive Authentication Attempts in polonel/trudesk

Valid

Reported on

Jul 29th 2021


1) Go to https://docker.trudesk.io/
2) Enter the username and password
3) Capture the request and start brute-forcing the password

IMPACT:

Account takeover
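The weakness reported above is the absence of any limit on failed logins. The following is an added example, not trudesk's own code and not the fix shipped in 1.2.2: a small failed-login throttle of the kind that closes this gap, keyed per account and per source address so that a lockout on the account holds regardless of where the attempts come from. The clock is injectable so the behaviour can be tested deterministically; all names and thresholds are assumptions.

```javascript
// Added example (assumed names), not code from trudesk or its 1.2.2 fix.
const MAX_FAILURES = 5;           // failures tolerated inside the window
const WINDOW_MS = 15 * 60 * 1000; // sliding window for counting failures
const LOCKOUT_MS = 15 * 60 * 1000; // how long a tripped key stays locked

class LoginThrottle {
  constructor(now = () => Date.now()) {
    this.now = now;                // injectable clock (used by the test)
    this.failures = new Map();     // key -> timestamps of recent failures
    this.lockedUntil = new Map();  // key -> epoch ms when the lock expires
  }
  // One key for the account, one for the source IP: both must be under limit.
  _keys(username, ip) {
    return [`user:${username.toLowerCase()}`, `ip:${ip}`];
  }
  // Drop failures that fell out of the sliding window and return the rest.
  _prune(key, t) {
    const list = (this.failures.get(key) || []).filter(ts => t - ts < WINDOW_MS);
    this.failures.set(key, list);
    return list;
  }
  // true if the attempt may proceed to password verification at all
  allow(username, ip) {
    const t = this.now();
    for (const key of this._keys(username, ip)) {
      const until = this.lockedUntil.get(key);
      if (until !== undefined && t < until) return false;
      if (this._prune(key, t).length >= MAX_FAILURES) return false;
    }
    return true;
  }
  recordFailure(username, ip) {
    const t = this.now();
    for (const key of this._keys(username, ip)) {
      const list = this._prune(key, t);
      list.push(t);
      if (list.length >= MAX_FAILURES) this.lockedUntil.set(key, t + LOCKOUT_MS);
    }
  }
  recordSuccess(username, ip) {
    for (const key of this._keys(username, ip)) {
      this.failures.delete(key);
      this.lockedUntil.delete(key);
    }
  }
}

// Simulated login flow against a constructed credential store (sample data only).
const USERS = { admin: 'correct-horse' };
function attemptLogin(throttle, username, password, ip) {
  if (!throttle.allow(username, ip)) return 'locked';   // refused before any check
  if (USERS[username] === password) { throttle.recordSuccess(username, ip); return 'ok'; }
  throttle.recordFailure(username, ip);
  return 'denied';
}
```

Note that `allow` is consulted before the password is compared, so a locked account answers `locked` even to the correct password until the lockout expires.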

We have contacted a member of the polonel/trudesk team and are waiting to hear back 2 years ago
Chris validated this vulnerability 2 years ago
sudheendra17 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Chris (Maintainer), 2 years ago:

This has been fixed in v1.2.2. I will update this report once released.

We have sent a fix follow up to the polonel/trudesk team. We will try again in 7 days. 2 years ago
Chris marked this as fixed in 1.2.2 with commit 526cef 2 years ago
Chris has been awarded the fix bounty
This vulnerability will not receive a CVE