WRITEUP #3784

Password reset code brute-force vulnerability in AWS Cognito

RCE, Password reset, Bruteforce, Rate limiting bypass, Account takeover
by @pentagridsec (Pentagrid)
Program
AWS
Published
Apr 30, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeup: https://www.pentagrid.ch/de/blog/password-reset-code-brute-force-vulnerability-in-AWS-Cognito/