Skip to content
This repository has been archived by the owner on Feb 1, 2023. It is now read-only.

DOS Exploit #43

Open
Tostino opened this issue Jan 26, 2023 · 0 comments
Open

DOS Exploit #43

Tostino opened this issue Jan 26, 2023 · 0 comments

Comments

@Tostino
Copy link

Tostino commented Jan 26, 2023

Hey, just wanted to let you know I've gotten reports from users of my library: Nbvcxz that are getting a DOS every so often by specifically crafted passwords.

I even found a tool created by a government contractor used for issuing a DOS against programs using libraries containing the vulnerable (to combination explosion) algorithms from the original zxcvbn implementation:

I've solved this by implementing a maxLength type configuration...but that isn't totally done yet as I feel like I still need to have it do dictionary checks against the full-length password without any transformations. Working on finishing that feature and putting out a release.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant