bug-bounty (484)
google (314)
xss (279)
microsoft (259)
facebook (219)
rce (172)
apple (153)
exploit (142)
malware (107)
bragging-post (102)
account-takeover (100)
cve (89)
csrf (84)
privilege-escalation (80)
authentication-bypass (66)
stored-xss (65)
writeup (62)
phishing (57)
reflected-xss (57)
browser (55)
react (54)
dos (53)
ssrf (52)
access-control (50)
input-validation (49)
cloudflare (49)
cross-site-scripting (48)
supply-chain (47)
node (47)
aws (46)
docker (46)
sql-injection (45)
smart-contract (45)
ethereum (44)
web-security (43)
oauth (43)
web-application (43)
defi (43)
web3 (40)
reverse-engineering (39)
lfi (37)
burp-suite (36)
idor (36)
vulnerability-disclosure (35)
html-injection (33)
race-condition (33)
csp-bypass (32)
smart-contract-vulnerability (32)
clickjacking (31)
information-disclosure (30)
5/10
vulnerability
A brute-force attack vulnerability was discovered in Oculus identity verification during username changes: the lack of rate limiting allowed an attacker to enumerate 6-digit OTP codes and to distinguish valid codes from invalid ones by comparing response lengths (840 bytes for a valid code, 1152 bytes for an invalid one).
brute-force-attack
rate-limit-bypass
otp-bypass
identity-verification
authentication-bypass
oculus
meta
burp-suite
response-length-analysis
Oculus
Facebook
Karthik Kumar Reddy
Gmail
Burp Suite
4/10
bug-bounty
A researcher discovered an OTP brute-force vulnerability in a login mechanism where a 6-digit OTP lacked rate limiting, allowing attackers to enumerate valid codes by direct iteration and achieve account takeover. The vulnerability was exploited with a custom script that systematically tested OTP combinations and then replaced the session cookies to gain unauthorized access.
otp-bruteforce
account-takeover
rate-limiting-bypass
authentication-bypass
brute-force-attack
otp-weakness
login-vulnerability
information-disclosure
bragging-post
Th3Y0ungM0nk
BurpSuite
Intruder
EditThisCookie