Closed Sn1r closed 2 months ago
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
Hi, any feedback?
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 5 days with no activity.
Is this a BUG REPORT or FEATURE REQUEST?:
What happened: The vulnerability is a bypass of the rate-limiting mechanism, which blocks a malicious actor's IP address while it performs suspicious login attempts against the system's authentication mechanism. This can be done by appending the "X-Forwarded-For" header to each login request; the backend then "considers" this a new IP address, allowing the attacker to carry on with a successful brute-force attack.
What did you expect to happen: Avoid IP spoofing by unsetting the X-Forwarded-For header when determining the originating user's IP address. If that is not possible, prevent spoofing of the X-Forwarded-For header in Node.js by configuring Express to trust only specific proxies with known IP ranges using the trustProxy setting and verifying the IP address against a whitelist.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?: Nothing else. I'm available for further questions.
Environment:
Below is a PoC:
https://github.com/polonel/trudesk/assets/71400526/76de836c-934d-43b3-86e9-ec926cf454c5