Twitter: NO username used in authentication to www.mopub.com leading to direct password submission which has unlimited submission rate.
News category: Vulnerabilities
Source: vulners.com
Summary: User name is not used in authentication, leading to direct password submission.

Description: User name is not used in authentication in https://www.mopub.com/login/?next=/dsp-portfolio/ (this page is labelled as SITE ADMIN: refer to POC). This can lead to direct submitting of the password, and this password has an unlimited submission rate.

Steps To Reproduce: (Add details for how we can reproduce the issue)
Go to https://www.mopub.com/login/?next=/dsp-portfolio/
We get a text box input only for password submission.
This password submission has an unlimited rate for submitting, leading to brute-force attacks.
POC screenshots attached.

Impact: This page is labelled as site admin (look in POC), and thus direct entry of a password only, which has no rate limit for submission, can lead to an attacker getting logged in.

Supporting Material/References: Screenshots of POC attached.

Impact: Attacker can log in to the page which is listed as SITE ADMIN in... ...
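A defensive sketch for the issue reported above, added here and not part of the original report or the site's own code: because the form has no username to lock, failed attempts are throttled per client address and across the whole endpoint. The class and function names, the limits and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class PasswordOnlyLoginThrottle:
    """Sliding-window limiter for a login form that has no username field.

    With no account name to lock, failures are counted per client address
    and across the whole endpoint (to catch guessing spread over many clients).
    """

    def __init__(self, per_client=5, endpoint_wide=50, window=300.0):
        self.per_client = per_client        # assumed limit, tune per site
        self.endpoint_wide = endpoint_wide  # assumed limit, tune per site
        self.window = window                # window length in seconds
        self._by_client = defaultdict(deque)
        self._all = deque()

    def _expire(self, q, now):
        # Drop failures that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()

    def allowed(self, client, now):
        """True if this client may submit a password at time `now`."""
        self._expire(self._by_client[client], now)
        self._expire(self._all, now)
        return (len(self._by_client[client]) < self.per_client
                and len(self._all) < self.endpoint_wide)

    def record_failure(self, client, now):
        self._by_client[client].append(now)
        self._all.append(now)


def replay(events, throttle):
    """Replay (time, client, password_ok) tuples; return one decision each."""
    decisions = []
    for now, client, ok in events:
        if not throttle.allowed(client, now):
            decisions.append("throttled")  # answer 429 without checking the password
        elif ok:
            decisions.append("accepted")
        else:
            throttle.record_failure(client, now)
            decisions.append("rejected")
    return decisions


# Constructed sample traffic (documentation address ranges): one client failing
# once per second, another client logging in, then the first after the window.
SAMPLE = [(float(t), "198.51.100.7", False) for t in range(8)]
SAMPLE += [(9.0, "203.0.113.20", True), (400.0, "198.51.100.7", True)]
```

The endpoint-wide cap trades availability for safety, so in practice it is paired with alerting rather than used as the only control.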