Design Flaw : A Tale of Permanent DOS (Informative -> Triaged)

  • The attacker has not gained access to account because it was prevented by locking out user account
  • The victim won’t ever bruteforce his/her own password as we the victim has got options to reset password
  • How implementation in design can lead to high severity issues/flaws like this
  • Always be patient and if the triager is not understanding, tell about what you found more briefly and in detail from attacker point of view like ease of exploitation and how it can be exploited, etc

--

--

--

EAT…SLEEP…..LEARN….REPEAT // https://twitter.com/AkashHamal0x01

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

QR: Share your Wi-Fi easy.

{UPDATE} Galactic Colonies Hack Free Resources Generator

Corona Crypto Airdrop

Bittrex Registration Guide 4 Steps to Getting Verified

SCAM ALERT!! There are malicious individuals out there scamming people in the name of #Birdchain

Let’s talk about APIs and Security

{UPDATE} Recién nacido enfermera Trabajo Hack Free Resources Generator

Privacy-Preserving Social Login with Hypersign

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akash Hamal

Akash Hamal

EAT…SLEEP…..LEARN….REPEAT // https://twitter.com/AkashHamal0x01

More from Medium

How i find (CORS) cross-origin resource sharing misconfiguration

Stored XSS to stealing Admin credentials to your domain

How I was able collect PII of all users

Privilege Escalation Leads to User File Storage leakage on PythonAnywhere.com Web Console