No rate limiting on brute-forcing user passwords
Medium
X
X (Formerly Twitter)
Reported by
1735096419
Vulnerability Details
Technical details and impact analysis
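The login function of http://www.twitter.com has an issue: it only limits the number of failed login attempts for a single user, and does not limit using a fixed password to try logging in to different users, or credential stuffing.
Please follow the steps in the video, otherwise this issue cannot be reproduced.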
## Impact
No rate limiting on brute-forcing user passwords
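
Added example, not part of the original report or of X's code: a Python comparison of the per-account failure counter the report describes with a per-source count of distinct failed accounts, run over constructed login events. The thresholds, window, event layout and function names are assumptions.

```python
from collections import defaultdict, deque

ACCOUNT_LIMIT = 5   # assumed per-account failure threshold
SPRAY_LIMIT = 4     # assumed: distinct accounts failed from one source
WINDOW = 300        # assumed sliding window, in seconds

# Constructed sample events: (unix_ts, source_ip, username, success)
EVENTS = [(1000 + i * 10, "198.51.100.7", f"user{i}", False) for i in range(8)]
EVENTS += [
    (1005, "203.0.113.9", "alice", False),   # ordinary user mistyping
    (1015, "203.0.113.9", "alice", False),
    (1025, "203.0.113.9", "alice", True),
]
EVENTS.sort()


def per_account_lockouts(events, limit=ACCOUNT_LIMIT):
    """Control described in the report: failures counted per username only."""
    fails, locked = defaultdict(int), set()
    for _, _, user, ok in events:
        if ok:
            fails[user] = 0
            continue
        fails[user] += 1
        if fails[user] >= limit:
            locked.add(user)
    return locked


def per_source_spray_alerts(events, limit=SPRAY_LIMIT, window=WINDOW):
    """Extra control: distinct accounts failed per source inside the window."""
    recent = defaultdict(deque)   # source -> (ts, user) failures in window
    flagged = {}                  # source -> timestamp of first alert
    for ts, src, user, ok in events:
        if ok:
            continue
        q = recent[src]
        q.append((ts, user))
        while q and q[0][0] <= ts - window:
            q.popleft()           # drop failures older than the window
        if src not in flagged and len({u for _, u in q}) >= limit:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    print("locked accounts:", per_account_lockouts(EVENTS))
    print("flagged sources:", per_source_spray_alerts(EVENTS))
```

On the constructed events no account is ever locked, because each username sees a single failure, while the per-source counter flags the source once it has failed against four different accounts.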
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Unverified Password Change