Khan Academy: Login page vulnerable to bruteforce attacks via rate limiting bypass
News category: Security vulnerabilities
Source: vulners.com
SUMMARY

This report consists of two vulnerabilities.

1st vulnerability: I found out that there is rate limiting in place after 25 failed attempts. Now that is good, but when I use another email address to bruteforce, the rate limit didn't carry over to the new email. This may look like a minor issue, but such vulnerabilities may lead to mass account bruteforce. I don't know if it is intentional behaviour, but it may pose a risk for your users. I included a video PoC and the Python PoC file as proof.

POC

{F1089532} {F1089533}

2nd vulnerability: I found a way to bypass the rate limit. While trying to bypass the rate limit, I tried adding spaces in the identifier parameter and, to my surprise, that bypassed the rate limiting. I then dug deeper into it and found out that the character \n also bypasses it. Now whenever we get locked out, we can simply add \n again. And it looks like there is no limit on how many \n we can add. This completely bypasses the rate limiting in place.

STEPS TO REPRODUCE

1. Go to khanacademy.org
2. Login with any creds and intercept the request
3. Send it to Intruder, use null payloads and use 30 payloads
4. You will see that you get rate limited on the email that you use
5. Now add \n after the email
6. You will see that the rate limit is not in place anymore

POC

{F1089538}

Impact

This may allow an attacker to do bruteforce attacks on users that may lead to account... ...
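Both findings come down to what the limiter uses as its key: a counter keyed on the raw identifier string is reset by a trailing "\n", and a counter that exists only per account is reset by switching target accounts. The limiter below is an added illustration of the fix, not code from Khan Academy or from the report; it assumes a 25-failure per-account budget (the number observed in the report), a constructed per-IP budget of 100, and a 15-minute window, and it canonicalises the identifier (NFKC, strip all whitespace, casefold) before using it as a key. The canonical form must match what the login backend itself does when it looks up the account, otherwise the two will still disagree.

```python
import time
import unicodedata
from collections import defaultdict, deque


class LoginRateLimiter:
    """Sliding-window failed-login limiter keyed on a canonical identifier
    and, independently, on the client IP. Limits here are constructed values."""

    def __init__(self, per_account=25, per_ip=100, window_s=900, clock=time.monotonic):
        self.per_account, self.per_ip, self.window_s, self.clock = per_account, per_ip, window_s, clock
        self._acct = defaultdict(deque)  # canonical identifier -> failure timestamps
        self._ip = defaultdict(deque)    # client IP -> failure timestamps

    @staticmethod
    def normalize(identifier: str) -> str:
        # Fold Unicode compatibility forms, drop every whitespace character
        # (spaces, "\n", NBSP, ...), then casefold, so "victim@x\n" and
        # " Victim@X " map to the same counter as "victim@x".
        s = unicodedata.normalize("NFKC", identifier)
        s = "".join(ch for ch in s if not ch.isspace())
        return s.casefold()

    def _prune(self, dq, now):
        while dq and now - dq[0] > self.window_s:
            dq.popleft()

    def is_blocked(self, identifier: str, ip: str) -> bool:
        now = self.clock()
        acct, ipq = self._acct[self.normalize(identifier)], self._ip[ip]
        self._prune(acct, now)
        self._prune(ipq, now)
        return len(acct) >= self.per_account or len(ipq) >= self.per_ip

    def record_failure(self, identifier: str, ip: str) -> None:
        now = self.clock()
        self._acct[self.normalize(identifier)].append(now)
        self._ip[ip].append(now)


def demo_whitespace_variants():
    # 25 failures against one account; padded spellings must still be blocked.
    lim = LoginRateLimiter()
    for _ in range(25):
        lim.record_failure("victim@example.com", "198.51.100.7")
    return tuple(lim.is_blocked(v, "198.51.100.7")
                 for v in ("victim@example.com", "victim@example.com\n", " Victim@Example.com \n\n"))


def demo_account_rotation():
    # 100 failures spread over 100 different accounts from one IP: the per-IP
    # budget blocks the next attempt even against a never-seen account.
    lim = LoginRateLimiter()
    for i in range(100):
        lim.record_failure(f"user{i}@example.com", "203.0.113.5")
    return lim.is_blocked("fresh@example.com", "203.0.113.5"), lim.is_blocked("fresh@example.com", "203.0.113.6")
```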