No rate limit in stats api token endpoint

Low
C
Chaturbate

Vulnerability Details

Technical details and impact analysis

Improper Restriction of Authentication Attempts
## Brute force on statsapi endpoint to view stats of a user

## Steps To Reproduce:

1. Stats api token can be generated at https://chaturbate.com/statsapi/authtoken/

https://chaturbate.com/statsapi/?username=hackeronetestchat&token=**vulnerable**

I've used my profile and my token to check brute force. The correct token returned with 200 OK status.

## Impact

An attacker could view the stats of a user.
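The weakness in this report is an unthrottled token check: a caller can submit guesses against `?username=...&token=...` without limit. The following is an added example, not Chaturbate's code or the reporter's, of the server-side control that closes it: a sliding-window counter of failed token checks per (username, client address) with a temporary lockout, and a constant-time comparison so a wrong token and an unknown username produce the same response. The token store, thresholds, client addresses and function names are constructed for illustration and are not taken from the report.

```python
"""Added example (not Chaturbate's code): failed-attempt limiting for a
token-protected stats endpoint, keyed on the queried username plus the
client address. All names, thresholds and tokens below are illustrative."""
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5      # failed token checks allowed per key within WINDOW
WINDOW = 60.0         # seconds over which failures are counted
LOCKOUT = 300.0       # seconds a key stays blocked once the limit is hit

# Constructed stand-in for the real token store; not a real token.
TOKENS = {"hackeronetestchat": "EXAMPLE-TOKEN-0000"}


class FailureLimiter:
    """Sliding-window counter of failed authentication attempts per key."""

    def __init__(self, now=time.monotonic):
        self._now = now                       # injectable clock for testing
        self._failures = defaultdict(deque)   # key -> timestamps of failures
        self._locked_until = {}               # key -> time the lockout ends

    def _prune(self, key, now):
        """Drop failures older than WINDOW so old guesses stop counting."""
        q = self._failures[key]
        while q and now - q[0] > WINDOW:
            q.popleft()

    def is_locked(self, key):
        now = self._now()
        until = self._locked_until.get(key)
        if until is not None and now < until:
            return True
        self._locked_until.pop(key, None)     # expired lockout, forget it
        return False

    def record_failure(self, key):
        now = self._now()
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT
            self._failures[key].clear()

    def record_success(self, key):
        self._failures.pop(key, None)


def check_stats_token(limiter, username, token, client_ip):
    """Return (status, body). Unknown username and wrong token share one
    response, and a locked key is refused before the token is examined."""
    key = (username, client_ip)
    if limiter.is_locked(key):
        return 429, "too many attempts"
    expected = TOKENS.get(username)
    # Constant-time comparison on bytes; works for any str input.
    ok = expected is not None and hmac.compare_digest(
        expected.encode("utf-8"), token.encode("utf-8"))
    if not ok:
        limiter.record_failure(key)
        if limiter.is_locked(key):            # this failure crossed the limit
            return 429, "too many attempts"
        return 403, "forbidden"
    limiter.record_success(key)
    return 200, "stats for %s" % username


def simulate(attempts, clock_step=1.0):
    """Replay (username, token, client_ip) attempts against one limiter with
    a fake clock advancing clock_step seconds per attempt; return statuses."""
    t = [0.0]
    lim = FailureLimiter(now=lambda: t[0])
    statuses = []
    for username, token, ip in attempts:
        status, _ = check_stats_token(lim, username, token, ip)
        statuses.append(status)
        t[0] += clock_step
    return statuses


if __name__ == "__main__":
    guesses = [("hackeronetestchat", "WRONG-%04d" % i, "198.51.100.7")
               for i in range(5)]
    # The sixth request carries the correct token but the key is locked.
    print(simulate(guesses + [("hackeronetestchat", "EXAMPLE-TOKEN-0000",
                               "198.51.100.7")]))
```

Keying on (username, client address) means a single source cannot grind through tokens for one account, while one abusive client cannot lock the account's owner out from everywhere; a second, looser limit keyed on the username alone bounds guessing that is spread across many addresses, at the cost of that lockout risk. Rejecting a locked key before the comparison also keeps the 200 OK signal the reporter relied on from reaching a guesser who eventually hits the right value.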

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Improper Restriction of Authentication Attempts