https://github.com/strapi/strapi/issues/9470
Prevent brute force attack on admin login · Issue #9470 · strapi/strapi
Strapi version: 3.4.6 It's possible to do brute force attack on Strapi admin login. Currently, there are no way of rate limiting in Strapi for login.
github.com
types of attacks possible:
CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC-112: Brute Force
CVSS 7.5
path: /documentation/login
path: /admin/auth/login
how to fix this issue? captcha should show up after a few failed login attempts
'경로 및 정보' 카테고리의 다른 글
| LLM 취약점 경로 (0) | 2024.04.01 |
|---|---|
| Directory Scan github (0) | 2024.03.27 |
| 블록체인 관련 (0) | 2024.03.16 |
| Oracle Padding 확인 (0) | 2024.03.11 |
| POODLE PoC 체크 (0) | 2024.03.08 |
wtdsoul