Unlimited passcode trials #20

Open
zmxv opened this issue Sep 17, 2022 · 1 comment
Labels
feature request New feature request

Comments

@zmxv
zmxv commented Sep 17, 2022

Bug Type

Security

Reproduction steps

  1. Set up a wallet and a four digit passcode.
  2. Restart the wallet app and start entering wrong passcodes.

Actual result

A user can try passcodes without rate limits.

Expected result

Rate limiting (with exponential backoff) should be enforced to prevent brute-force attacks.
And the passcode should not be limited to four digits only.

Suggested Severity

High

Device

Desktop (please complete the following information):

OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]
Smartphone (please complete the following information):

Device: iPhone 13 Pro
OS: iOS 15.6.1
Browser: Mobile Safari
Version: Tonkeeper 2.6

Additional Context

No response
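
The rate limiting requested above, as an added sketch that is not Tonkeeper code and not written by either participant: the failure counter and lockout deadline live in persistent storage, so restarting the app (reproduction step 2) does not reset them. All names (`PasscodeGate`, `MemoryStore`, `lockoutMs`, `exhaustiveSearchMs`) and the policy constants are assumptions.

```javascript
// Added example; all names are hypothetical and the policy constants are assumed.
const FREE_ATTEMPTS = 3;               // failures allowed before any delay
const BASE_DELAY_MS = 30_000;          // first lockout: 30 s
const MAX_DELAY_MS = 24 * 3_600_000;   // cap each lockout at 24 h

// Lockout imposed after `failures` consecutive wrong passcodes.
function lockoutMs(failures) {
  if (failures < FREE_ATTEMPTS) return 0;
  const doublings = Math.min(failures - FREE_ATTEMPTS, 30); // bound the exponent
  return Math.min(BASE_DELAY_MS * 2 ** doublings, MAX_DELAY_MS);
}

// Stand-in for persistent storage (keychain, encrypted prefs); constructed for the demo.
class MemoryStore {
  constructor() { this.value = null; }
  get() { return this.value ? { ...this.value } : null; }
  set(v) { this.value = { ...v }; }
}

class PasscodeGate {
  constructor(store, verify, now = Date.now) {
    this.store = store; this.verify = verify; this.now = now;
  }

  tryPasscode(code) {
    const s = this.store.get() ?? { failures: 0, lockedUntil: 0, lastSeen: 0 };
    const t = this.now();
    // Clock moved backwards since the last attempt: restart the lockout from now.
    if (t < s.lastSeen) s.lockedUntil = t + lockoutMs(s.failures);
    s.lastSeen = t;
    if (t < s.lockedUntil) {
      this.store.set(s);
      return { ok: false, retryInMs: s.lockedUntil - t };
    }
    // Persist the failure before verifying, so killing the app mid-check still counts.
    s.failures += 1;
    s.lockedUntil = t + lockoutMs(s.failures);
    this.store.set(s);
    if (!this.verify(code)) return { ok: false, retryInMs: s.lockedUntil - t };
    this.store.set({ failures: 0, lockedUntil: 0, lastSeen: t });
    return { ok: true, retryInMs: 0 };
  }
}

// Total enforced waiting time to try every code in a space of `codes` passcodes.
function exhaustiveSearchMs(codes) {
  let total = 0;
  for (let n = 1; n < codes; n++) total += lockoutMs(n);
  return total;
}
```

With these assumed constants, `exhaustiveSearchMs(10_000)` shows that walking the whole four-digit space costs thousands of days of enforced waiting instead of minutes of tapping.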

@olyaMay
Contributor

olyaMay commented Oct 3, 2022

Hi, the issue has been registered in our system with internal TK-799. You will get a PR number when it is fixed. Thanks!

@olyaMay olyaMay added the feature request New feature request label Oct 3, 2022