Design Flaw : A Tale of Permanent DOS (Informative -> Triaged)

  • The attacker never gained access to the account; the lockout blocked the login attempts. What the attacker did gain was the ability to lock the legitimate user out, and that is the impact.
  • A victim will never brute-force their own password, because they already have the option to reset it. A lockout that anyone can trigger with failed attempts therefore does not protect the account owner; it only punishes them.
  • A single design decision, here a lockout that is permanent and can be triggered by failed attempts from anyone, can turn an otherwise harmless control into a high-severity flaw.
  • Be patient with triage. If the triager does not see the impact, restate the finding concisely but completely from the attacker's point of view: the preconditions, how easy it is to exploit, and exactly what the attacker can do with it.
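
To make the design point concrete, here is an added example (written for this edit, not code from the original post or from the affected application) that contrasts a lockout policy abusable for permanent denial of service with a hardened one. The class names, the thresholds, the in-memory stores and the sample addresses are assumptions for illustration.

```python
"""Added example (not from the original post): an account-lockout policy that
an attacker can abuse for permanent denial of service, beside a hardened
version.  Names, thresholds and the in-memory stores are assumptions."""
import time
from collections import defaultdict

MAX_FAILURES = 5  # assumed threshold


class NaiveLockout:
    """Vulnerable design: failures are counted per username only and the lock
    never expires, so anyone who knows the username can lock the owner out
    forever without ever learning the password."""

    def __init__(self):
        self.failures = defaultdict(int)
        self.locked = set()

    def attempt(self, username, password_ok):
        if username in self.locked:
            return "locked"
        if password_ok:
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= MAX_FAILURES:
            self.locked.add(username)
        return "denied"


class HardenedLockout:
    """Hardened design: the lock is scoped to (username, source) and expires,
    and every source is throttled, so failures caused by an attacker from
    another address never block the legitimate user."""

    def __init__(self, max_failures=MAX_FAILURES, lock_seconds=900,
                 per_source_limit=20, window_seconds=60, clock=time.time):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.per_source_limit = per_source_limit
        self.window_seconds = window_seconds
        self.clock = clock                          # injectable for testing
        self.failures = defaultdict(list)           # (user, source) -> timestamps
        self.locked_until = {}                      # (user, source) -> epoch seconds
        self.source_attempts = defaultdict(list)    # source -> timestamps

    def _prune(self, stamps, now):
        cutoff = now - self.window_seconds
        while stamps and stamps[0] < cutoff:
            stamps.pop(0)

    def attempt(self, username, source, password_ok):
        now = self.clock()
        key = (username, source)
        # Per-source throttle: one address cannot spray many usernames quickly.
        stamps = self.source_attempts[source]
        self._prune(stamps, now)
        if len(stamps) >= self.per_source_limit:
            return "throttled"
        stamps.append(now)
        # The lock is bound to the failing source and expires on its own.
        if self.locked_until.get(key, 0) > now:
            return "locked"
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        fails = self.failures[key]
        self._prune(fails, now)
        fails.append(now)
        if len(fails) >= self.max_failures:
            self.locked_until[key] = now + self.lock_seconds
            self.failures.pop(key, None)
        return "denied"


def demo():
    """Attacker at 203.0.113.9 fails MAX_FAILURES times; the victim then logs in
    from 198.51.100.7 with the correct password.  Returns the four outcomes."""
    naive = NaiveLockout()
    for _ in range(MAX_FAILURES):
        naive.attempt("victim", password_ok=False)
    naive_victim = naive.attempt("victim", password_ok=True)       # "locked"

    t = [1_000_000.0]                                               # fake clock
    hard = HardenedLockout(clock=lambda: t[0])
    for _ in range(MAX_FAILURES):
        hard.attempt("victim", "203.0.113.9", password_ok=False)
    attacker_source = hard.attempt("victim", "203.0.113.9", True)   # "locked"
    victim_source = hard.attempt("victim", "198.51.100.7", True)    # "ok"
    t[0] += 901                                                     # lock expired
    after_expiry = hard.attempt("victim", "203.0.113.9", True)      # "ok"
    return naive_victim, attacker_source, victim_source, after_expiry


if __name__ == "__main__":
    print(demo())
```

The naive policy lets any party who knows a username deny the owner access indefinitely, which is the permanent DoS this write-up is about. The hardened policy still stops online guessing (the guessing source is locked out and throttled) but never lets someone else's failures block the owner. An attacker who shares the victim's address (for example behind the same NAT) or who rotates sources can still cause friction, so in practice this is combined with a password reset path that does not depend on the lock and with monitoring for lockout spikes.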
