Open core-ai-bot opened 2 years ago
Comment by Ramttid Thursday Apr 22, 2021 at 21:44 GMT
It only went through 6 passwords before reaching yours, which was listed in your dictionary; not really something to worry about, I think. Maybe try again with a longer list or the traditional way.
Issue by ayushjhanwar Thursday Apr 22, 2021 at 06:14 GMT
Originally opened as https://github.com/adobe/brackets/issues/15344
Dear sir, I'm Ayush Jhanwar, I'm a cybersecurity analyst and I found a bug on your subdomain. Here are the required details.
Vulnerability type: Brute force (CWE-307)
Subdomain: https://github.com/session
Brute-force login panel to take over the account using Burp Suite.
DESCRIPTION:
REPRODUCTION:
IMPACT:
Stealing personal data and valuable information. All it takes is the right break-in for a criminal to steal your identity, money, or sell your private credentials for profit. Sometimes, sensitive databases from entire organizations can be exposed in corporate-level data breaches. The attacker can delete a user's data and other information.
RECOMMENDATION:
For a more detailed analysis of the vulnerability (BUG), I have attached screenshots below of exploiting the vulnerability, i.e. PROOF OF CONCEPT.