| Title | Harness harness v3.3.0 Login Endpoint Brute-Force |
|---|---|
| Description | The login endpoint /api/v1/login is indeed vulnerable to brute-force attacks, as it does not implement any anti-brute-force mechanisms such as rate limiting, CAPTCHA, or account lockout. Users can attempt different password combinations an unlimited number of times until they find the correct one. |
| Source | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb020.md |
| User | Yu_Bao (UID 89348) |
| Submission | 09/03/2025 11:02 (9 months ago) |
| Moderation | 09/20/2025 09:05 (17 days later) |
| Status | Accepted |
| VulDB entry | 325116 [Harness 3.3.0 Login Endpoint /api/v1/login excessive authentication] |
| Points | 17 |