HackinKraken/CVE-2022-2650

Improper Restriction of Excessive Authentication Attempts (Brute Force) on wger workout application

CVE-2022-2650 Brute Force on wger workout application v2.0

---

Open-source workout application, wger v2.0, does not restrict unauthenticated login attempts allowing for brute force attacks at the login page.

• https://www.cve.org/CVERecord?id=CVE-2022-2650

• https://nvd.nist.gov/vuln/detail/CVE-2022-2650

Submitted through platform huntr.dev

• https://huntr.dev/bounties/f0d85efa-4e78-4b1d-848f-edea115af64b/

Vulnerability discovered and reported by Steven Amador (@HackinKraken) July, 2022.