Lincoln
10-16-2014, 04:27 PM
[Only registered and activated users can see links]
Can anyone verify what the limit is here? From my simple manual attempts, it doesn't seem to have a limit. Only have had the opportunity to try it by hand, however. The possibility that they are using a system of attempt-based bans that does not change the error message displayed (does not match password) is present but not likely. I don't have time to set up a brute force test to try to find the point (if any) at which login attempts are banned. Has anyone here tried it out?
---------- Post added at 04:27 PM ---------- Previous post was at 04:23 PM ----------
[Only registered and activated users can see links]
Using moble API. I am thinking that the same kind of flaw exists on the non-mobile version. If so, vulnerability to brute force is going to go up. Although brute force is not at all a successful way to attack, because it can take so long, the vulnerability still exists from what I can see.
Can anyone verify what the limit is here? From my simple manual attempts, it doesn't seem to have a limit. Only have had the opportunity to try it by hand, however. The possibility that they are using a system of attempt-based bans that does not change the error message displayed (does not match password) is present but not likely. I don't have time to set up a brute force test to try to find the point (if any) at which login attempts are banned. Has anyone here tried it out?
---------- Post added at 04:27 PM ---------- Previous post was at 04:23 PM ----------
[Only registered and activated users can see links]
Using moble API. I am thinking that the same kind of flaw exists on the non-mobile version. If so, vulnerability to brute force is going to go up. Although brute force is not at all a successful way to attack, because it can take so long, the vulnerability still exists from what I can see.