Bypass password reset rate limit protection at moneybird.com/passwords
High
Moneybird
Team Summary
Official summary from Moneybird
The attacker found a way to completely bypass our rate limit protection, allowing for other types of attacks. This involved changing the value of the X-Forwarded-For header. The attacker never got a 429 response from our servers when the value for each request was different.
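The bypass described in the summary works whenever the rate limiter derives its per-client key from a header the client controls. The following is an added example, not Moneybird's code and not the reporter's: it simulates a password-reset endpoint behind one trusted reverse proxy, a rate limiter keyed the weak way (first X-Forwarded-For entry), and the same limiter keyed the hardened way (walk X-Forwarded-For from the right, skipping only known proxy addresses, and ignore the header entirely when the TCP peer is not a trusted proxy). The limit, window, proxy address and client addresses are assumptions chosen for the simulation.

```python
"""Simulated rate limiting for a password-reset endpoint.

Shows why keying the limiter on X-Forwarded-For as sent by the client lets an
attacker avoid 429s by changing the header per request, and a hardened key
derivation that is not affected. All addresses and limits are constructed for
this example; they are not Moneybird's configuration.
"""
import ipaddress
from collections import defaultdict, deque

LIMIT = 5       # requests allowed per window (assumed)
WINDOW = 60.0   # window length in seconds (assumed)

# Reverse proxies whose X-Forwarded-For appends we trust (assumed deployment).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.2")}


class SlidingWindowLimiter:
    """Counts hits per key inside a sliding time window."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # caller should answer 429 Too Many Requests
        q.append(now)
        return True


def vulnerable_key(peer_ip, headers):
    """Weak: uses the leftmost X-Forwarded-For hop, which the client wrote."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return peer_ip


def hardened_key(peer_ip, headers):
    """Walk X-Forwarded-For from the right, skipping only trusted proxies.

    The first untrusted hop seen from the right is the real client; anything
    the client prepended to its left is ignored. If the TCP peer itself is not
    a trusted proxy, the header is untrusted and the peer address is used.
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        return str(peer)
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed hop: fall back to the proxy's address
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)


def simulate(key_fn, attempts, proxy_appends=True):
    """One real client sends `attempts` reset requests, each with a different
    X-Forwarded-For value. Returns how many would have been answered 429."""
    limiter = SlidingWindowLimiter()
    client_ip = "203.0.113.7"  # constructed attacker address
    rejected = 0
    for i in range(attempts):
        spoofed = f"198.51.100.{i % 254 + 1}"  # new value on every request
        if proxy_appends:
            # Requests traverse the trusted proxy, which appends the real peer.
            headers = {"X-Forwarded-For": f"{spoofed}, {client_ip}"}
            peer_ip = "10.0.0.2"
        else:
            # Client reaches the origin directly; header is pure attacker input.
            headers = {"X-Forwarded-For": spoofed}
            peer_ip = client_ip
        if not limiter.allow(key_fn(peer_ip, headers), now=i * 0.01):
            rejected += 1
    return rejected


if __name__ == "__main__":
    print("vulnerable, via proxy:", simulate(vulnerable_key, 20), "rejected of 20")
    print("hardened,   via proxy:", simulate(hardened_key, 20), "rejected of 20")
    print("vulnerable, direct:   ", simulate(vulnerable_key, 20, False), "rejected of 20")
    print("hardened,   direct:   ", simulate(hardened_key, 20, False), "rejected of 20")
```

With the weak key every request lands in a fresh bucket, so 20 attempts produce no 429 at all, which matches the behaviour in the summary. With the hardened key all 20 attempts collapse onto the real client address and everything past the fifth is rejected, whether or not the attacker bypasses the proxy. The remaining caveat is that this only holds if the origin accepts connections solely from the trusted proxies; otherwise the peer-address fallback becomes the attacker's own address, which is still correct, but a limiter that trusts the header unconditionally would not get even that.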
Reported by
osama-hamad
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Uncontrolled Resource Consumption