
Strapi notes

Paths and Information 2024. 3. 21. 14:20

 

https://github.com/strapi/strapi/issues/9470

 

Prevent brute force attack on admin login · Issue #9470 · strapi/strapi

Strapi version: 3.4.6. It's possible to do brute force attack on Strapi admin login. Currently, there is no way of rate limiting in Strapi for login.


Types of attacks possible:

CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC-112: Brute Force

CVSS 7.5

Path: /documentation/login
Path: /admin/auth/login

How to fix this issue? A CAPTCHA should show up after a few failed login attempts.
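
One way to implement the fix suggested above, as an added example that is not code from Strapi or from the linked issue: a sliding-window counter of failed logins, kept per account and per source IP, that tells the login handler when a CAPTCHA must be required. The class name, method names, thresholds and window length are assumptions chosen for illustration.

```javascript
// Added example: sliding-window failed-login tracker (not Strapi code).
// Thresholds and names below are assumptions chosen for illustration.
const WINDOW_MS = 15 * 60 * 1000; // look-back window for failures
const MAX_PER_ACCOUNT = 3;        // failures per account before CAPTCHA
const MAX_PER_IP = 10;            // failures per source IP before CAPTCHA

class LoginAttemptTracker {
  constructor() {
    this.failures = new Map(); // key -> array of failure timestamps (ms)
  }

  // Drop timestamps older than the window and return what is left.
  _recent(key, now) {
    const kept = (this.failures.get(key) || []).filter((t) => now - t < WINDOW_MS);
    if (kept.length) this.failures.set(key, kept);
    else this.failures.delete(key);
    return kept;
  }

  // Count a failed login against both the account and the source IP.
  recordFailure(account, ip, now = Date.now()) {
    for (const key of [`acct:${account.toLowerCase()}`, `ip:${ip}`]) {
      const kept = this._recent(key, now);
      kept.push(now);
      this.failures.set(key, kept);
    }
  }

  // A successful login clears the account counter only. The IP counter stays,
  // so one valid account cannot be used to reset the count for other accounts.
  recordSuccess(account) {
    this.failures.delete(`acct:${account.toLowerCase()}`);
  }

  // True when the next attempt for this account or from this IP must
  // carry a solved CAPTCHA before the password is checked.
  captchaRequired(account, ip, now = Date.now()) {
    return (
      this._recent(`acct:${account.toLowerCase()}`, now).length >= MAX_PER_ACCOUNT ||
      this._recent(`ip:${ip}`, now).length >= MAX_PER_IP
    );
  }
}
```

Counting per account as well as per IP means the CAPTCHA still triggers when guesses against one account arrive from many addresses; in a multi-instance deployment the map would need to live in a shared store.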


wtdsoul