Bug Type
Security
Actual result
A user can try passcodes without rate limits.
Expected result
Rate limiting (with exponential backoff) should be enforced to prevent brute-force attacks.
And the passcode should not be limited to four digits only.
Suggested Severity
High
Device
Desktop (please complete the following information):
OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]
Smartphone (please complete the following information):
Device: iPhone 13 Pro
OS: iOS 15.6.1
Browser: Mobile Safari
Version: Tonkeeper 2.6
Additional Context
No response
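The rate limiting with exponential backoff that this report asks for, sketched as an added example (it is not Tonkeeper's code and not part of the original report). The class, the policy numbers and the `store` object are assumptions; `exhaustDays` shows why passcode length still matters once the limiter is in place.

```javascript
// Added example; every name and policy number below is an assumption.
const POLICY = { freeAttempts: 3, baseDelayMs: 30000, maxDelayMs: 3600000 };

// Lockout imposed once `failures` consecutive wrong passcodes are recorded.
function lockoutAfter(failures, policy = POLICY) {
  if (failures < policy.freeAttempts) return 0;
  const exp = Math.min(failures - policy.freeAttempts, 30); // keep 2**exp bounded
  return Math.min(policy.baseDelayMs * 2 ** exp, policy.maxDelayMs);
}

class PasscodeGate {
  // verify: (passcode) => boolean, the app's real check (hypothetical here).
  // store: object backed by persistent storage; if it lived only in memory,
  //        restarting the app would reset the counter.
  // now: injectable clock in milliseconds.
  constructor(verify, store, now = Date.now, policy = POLICY) {
    this.verify = verify;
    this.store = store;
    this.now = now;
    this.policy = policy;
    if (typeof store.failures !== "number") store.failures = 0;
    if (typeof store.lockedUntil !== "number") store.lockedUntil = 0;
  }

  attempt(passcode) {
    const t = this.now();
    if (t < this.store.lockedUntil) {
      // Refuse without calling verify, so guesses made during a lockout are worthless.
      return { ok: false, locked: true, retryInMs: this.store.lockedUntil - t };
    }
    // Record the failure first so an interrupted check still counts.
    this.store.failures += 1;
    this.store.lockedUntil = t + lockoutAfter(this.store.failures, this.policy);
    if (!this.verify(passcode)) {
      return { ok: false, locked: false, retryInMs: this.store.lockedUntil - t };
    }
    this.store.failures = 0;
    this.store.lockedUntil = 0;
    return { ok: true, locked: false, retryInMs: 0 };
  }
}

// Total lockout time, in days, accumulated while trying every numeric
// passcode of the given length against this policy (the worst case).
function exhaustDays(digits, policy = POLICY) {
  let totalMs = 0;
  for (let n = 1; n <= 10 ** digits; n++) totalMs += lockoutAfter(n, policy);
  return totalMs / 86400000;
}
```

Under this assumed policy the four-digit space costs roughly 416 days of accumulated lockouts in the worst case, and the six-digit space about a hundred times that.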
Hi, the issue has been registered in our system with internal TK-799. You will get a PR number when it is fixed. Thanks!