..| Discourse 2.7.0 - CVE-2021-3138 |..

Description :

Rate limit Bypass which leads to 2FA Bypass

Tested Version :

2.7.0

Attack Type:

Remot

Impact :

2FA Bypass

Vendor of Product :

https://www.discourse.org

Additional Information :

Discourse is discussion platform built for the next decade of the Internet .Used as:
-mailing list
-discussion forum
-long-form chat room

and there are well known companies such as Google acquisitions that have been using Discourse until this moment.

Discoverer :

Meshal Almansour
Twitter: mesh3l_911