rate-limiting-bypass

2 articles

A security researcher discovered a rate-limiting vulnerability in Microsoft's password reset flow that could be exploited via concurrent requests to brute-force 7-digit security codes, bypassing encryption and rate limits to enable account takeover even on accounts with 2FA enabled. Microsoft patched the vulnerability and awarded a $50,000 bounty.

Laxman Muthiyah Microsoft MSRC HackerOne Instagram
thezerohack.com · kh4sh3i/bug-bounty-writeups · 4 hours ago
vulnerability

A critical censorship vulnerability was discovered in Optimism's sequencer where the chain ID was not validated before rate limiting, allowing attackers to replay transactions from other chains to indefinitely censor 1.3 million accounts by triggering rate limits. The bug affected major protocols including LayerZero, Aave, Uniswap, and Optimism's own multisig owners, enabling selective account censorship with strategic timing control.

Optimism Labs Bernard Wagner iosiro Optimism Bedrock LayerZero Across Synapse Hop Bridge LayerSwap Aave Uniswap Immunefi Dune Analytics EIP-155 proxyd
iosiro.com · iosiro · 4 hours ago