📚 Khan Academy: Login page vulnerable to bruteforce attacks via rate limiting bypass


💡 News category: Security vulnerabilities
🔗 Source: vulners.com


SUMMARY

This report consists of two vulnerabilities.

1st vulnerability: I found out that there is rate limiting in place after 25 failed attempts. Now that is good, but when I use another email address to bruteforce, the rate limit didn't carry over to the new email. This may look like a minor issue, but such vulnerabilities may lead to mass account bruteforce. I don't know if it is intentional behaviour, but it may pose a risk for your users. I included a video PoC and the Python PoC file as proof.

POC {F1089532} {F1089533}

2nd vulnerability: I found a way to bypass the rate limit. While trying to bypass the rate limit, I tried adding spaces in the identifier parameter and, to my surprise, that bypassed the rate limiting. I then dug deeper into it and found out that the character \n also bypasses it. Now whenever we get locked out, we can simply add \n again, and it looks like there is no limit on how many \n we can add. This completely bypassed the rate limiting in place.

STEPS TO REPRODUCE

1. Go to khanacademy.org
2. Login with any creds and intercept the request
3. Send it to Intruder, use null payloads, and use 30 payloads
4. You will see that you get rate limited on the email that you use
5. Now add \n after the email
6. You will see that the rate limit is not in place anymore

POC {F1089538}

Impact

This may allow an attacker to do bruteforce attacks on users that may lead to account... ...
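The keying defect behind both findings, as an added example (not the reporter's PoC and not Khan Academy's code): a toy login rate limiter in its vulnerable form, keyed on the raw identifier with no per-source bucket, beside a hardened form that collapses whitespace and case before keying and also caps failures per source address. The 25-attempt threshold comes from the report; the per-source cap, the addresses and the in-memory store are assumptions.

```python
import re
from collections import defaultdict

MAX_FAILURES = 25        # per-identifier threshold the report observed
PER_SOURCE_MAX = 100     # assumed cap on failures from one source IP, across all identifiers


class LoginRateLimiter:
    """Counts failed logins per bucket key; a key is blocked once it reaches its cap."""

    def __init__(self, hardened):
        self.hardened = hardened
        self._failures = defaultdict(int)   # bucket key -> failure count (in-memory toy store)

    def _identifier_key(self, identifier):
        if not self.hardened:
            # Vulnerable: "a@x.com", "a@x.com " and "a@x.com\n" land in different buckets.
            return "id:" + identifier
        # Hardened: strip every whitespace character (spaces, \n, tabs) and fold case
        # before keying, so padding the identifier cannot open a fresh bucket.
        return "id:" + re.sub(r"\s+", "", identifier).casefold()

    def is_blocked(self, identifier, source_ip):
        if self._failures[self._identifier_key(identifier)] >= MAX_FAILURES:
            return True
        # Hardened form also counts failures per source, so cycling through many
        # identifiers from one address is limited even though each email stays under 25.
        return self.hardened and self._failures["ip:" + source_ip] >= PER_SOURCE_MAX

    def record_failure(self, identifier, source_ip):
        self._failures[self._identifier_key(identifier)] += 1
        self._failures["ip:" + source_ip] += 1


def simulate(hardened):
    """Replay both findings; returns (blocked_after_padding, blocked_on_new_email)."""
    rl = LoginRateLimiter(hardened)
    victim, source_ip = "victim@example.com", "203.0.113.5"   # constructed sample values
    for _ in range(MAX_FAILURES):
        rl.record_failure(victim, source_ip)
    # Finding 2: the same identifier with a trailing newline, and with trailing spaces.
    padded = rl.is_blocked(victim + "\n", source_ip) and rl.is_blocked(victim + "  ", source_ip)
    # Finding 1: move on to other identifiers from the same source.
    for i in range(PER_SOURCE_MAX):
        rl.record_failure(f"user{i}@example.com", source_ip)
    new_email = rl.is_blocked("someone-else@example.com", source_ip)
    return padded, new_email
```

A production limiter would additionally expire counts over a time window and keep them in a shared store rather than process memory; the normalization applied to the bucket key must match whatever canonicalization the authentication backend applies to the identifier, otherwise a gap between the two reopens the bypass.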