Improper Restriction of Excessive Authentication Attempts in polonel/trudesk


Reported on

Jul 29th 2021

1) Go to
2) Enter the username and password
3) Capture the request and start brute-forcing the password


Account takeover
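A server-side control for the weakness named in this report's title, shown as an added example: it is not trudesk code and not the change made in commit 526cef. The `LoginThrottle` class, its thresholds, the `attemptLogin` wrapper and the `verify` callback are all assumptions made for illustration.

```javascript
// Added example, not trudesk code. Thresholds and names are assumptions.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000, lockMs = 15 * 60 * 1000 } = {}) {
    Object.assign(this, { maxFailures, windowMs, lockMs });
    this.entries = new Map(); // key -> { failures: [timestamps], lockedUntil }
  }
  // Count per account and per client address, so one-account guessing and
  // one-address guessing across many accounts are both limited.
  static keys(username, ip) {
    return [`user:${String(username).trim().toLowerCase()}`, `ip:${ip}`];
  }
  // Milliseconds until the next attempt is accepted (0 means allowed now).
  retryAfter(username, ip, now = Date.now()) {
    let wait = 0;
    for (const key of LoginThrottle.keys(username, ip)) {
      const e = this.entries.get(key);
      if (e && e.lockedUntil > now) wait = Math.max(wait, e.lockedUntil - now);
    }
    return wait;
  }
  recordFailure(username, ip, now = Date.now()) {
    for (const key of LoginThrottle.keys(username, ip)) {
      const e = this.entries.get(key) || { failures: [], lockedUntil: 0 };
      e.failures = e.failures.filter((t) => now - t < this.windowMs); // sliding window
      e.failures.push(now);
      if (e.failures.length >= this.maxFailures) {
        e.lockedUntil = now + this.lockMs;
        e.failures = [];
      }
      this.entries.set(key, e);
    }
  }
  // Success clears only the account counter; the address counter keeps aging.
  recordSuccess(username, ip) {
    this.entries.delete(LoginThrottle.keys(username, ip)[0]);
  }
}

// verify(username, password) -> boolean is a hypothetical credential check.
function attemptLogin(throttle, verify, username, password, ip, now = Date.now()) {
  const wait = throttle.retryAfter(username, ip, now);
  // Refuse before checking the password, so a locked-out client learns nothing.
  if (wait > 0) return { status: 429, retryAfterSec: Math.ceil(wait / 1000) };
  if (verify(username, password)) {
    throttle.recordSuccess(username, ip);
    return { status: 200 };
  }
  throttle.recordFailure(username, ip, now);
  return { status: 401 };
}
```

With more than one server process, the counters need to live in a shared store so that they survive restarts and apply across all instances.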

We have contacted a member of the polonel/trudesk team and are waiting to hear back 2 years ago
Chris validated this vulnerability 2 years ago
sudheendra17 has been awarded the disclosure bounty
The fix bounty is now up for grabs


This has been fixed in v1.2.2. I will update this report once released.

We have sent a fix follow up to the polonel/trudesk team. We will try again in 7 days. 2 years ago
Chris marked this as fixed in 1.2.2 with commit 526cef 2 years ago
Chris has been awarded the fix bounty
This vulnerability will not receive a CVE