Misconfigured rate limit for SMS phone verification endpoint
Medium
Alohi
Team Summary
Official summary from Alohi
One of our rate-limit configurations had a high threshold, allowing attackers to spam-request multiple SMS codes (by replicating the network request) to a phone number before getting blocked.
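The effect of the threshold described in the summary, as an added example that is not Alohi's code: a sliding-window limiter keyed on the destination phone number, run once with a permissive limit and once with a tightened one while the same "send code" request is replayed. The class and function names, the thresholds, the window lengths and the phone number are all constructed assumptions; the page does not state the real values.

```python
from collections import defaultdict, deque


class SmsSendLimiter:
    """Sliding-window limit on verification SMS per destination number (hypothetical helper)."""

    def __init__(self, max_sends, window_seconds):
        self.max_sends = max_sends
        self.window = window_seconds
        self._sent = defaultdict(deque)  # phone -> timestamps of accepted sends

    def allow(self, phone, now):
        """Return True and record the send if `phone` is still under its limit."""
        q = self._sent[phone]
        # Drop sends that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_sends:
            return False  # blocked: no SMS goes out, nothing is recorded
        q.append(now)
        return True


def replay(limiter, phone, requests, interval=1.0):
    """Replay the same request `requests` times, one every `interval` seconds.

    Returns how many SMS messages the limiter would have let through.
    """
    return sum(limiter.allow(phone, i * interval) for i in range(requests))


# Constructed values for illustration only.
PHONE = "+15555550100"


def compare(requests=50):
    """SMS delivered under a high threshold vs. a tightened one."""
    permissive = SmsSendLimiter(max_sends=100, window_seconds=60)
    tightened = SmsSendLimiter(max_sends=3, window_seconds=600)
    return replay(permissive, PHONE, requests), replay(tightened, PHONE, requests)


if __name__ == "__main__":
    high, low = compare()
    print(f"high threshold: {high} SMS sent; tightened: {low} SMS sent")
```

Keying the counter on the destination number rather than on the client means the limit still holds when the replayed requests come from different sessions or addresses.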
Reported by: shamim_12__
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Business Logic Errors