**Headline**
CVE-2022-44411: Web Based Quiz System v1.0 is vulnerable to brute force attack
Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a brute-force attack.
Software Link: https://www.sourcecodester.com/download-code?nid=14727&title=Web+Based+Quiz+System+in+PHP%2FMySQLi+with+Full+Source+Code
Version: v1.0
**Steps to reproduce:**
Attempt to log in through the login form.
Capture the login request and observe that the password is transmitted in plaintext; a brute-force attack can then be mounted against the login endpoint.
A guessed password can be confirmed as correct because the server returns different responses for correct and incorrect passwords.
**Patch recommendation:**
Add rate-limit protection on POST login endpoints/parameters.
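The following is an added example of the recommended mitigation, not code from the advisory or from the Web Based Quiz System project. It assumes the login form POSTs `username` and `password` to a `login.php` handler, uses a hypothetical `credentialsValid()` hook for the application's own password check, and stores failure counts in a JSON file at an illustrative path; the thresholds (5 failures per 15 minutes) are likewise illustrative. It also returns one generic failure message so the response no longer differs between a wrong username and a wrong password, which is what the third reproduction step relies on.

```php
<?php
declare(strict_types=1);

// Added example (not the project's code): file-backed rate limiting for a
// POST login handler. Store path, thresholds and credentialsValid() are assumed.

final class LoginRateLimiter
{
    public const MAX_FAILURES   = 5;    // failed attempts tolerated per window
    public const WINDOW_SECONDS = 900;  // sliding window of 15 minutes

    public function __construct(private string $storePath) {}

    // True when this (IP, username) pair has used up its allowed failures.
    public function isBlocked(string $ip, string $username): bool
    {
        return $this->withStore(function (array &$data) use ($ip, $username): bool {
            return count($this->prune($data, $this->key($ip, $username))) >= self::MAX_FAILURES;
        });
    }

    // Record one failed attempt for this pair.
    public function recordFailure(string $ip, string $username): void
    {
        $this->withStore(function (array &$data) use ($ip, $username): void {
            $k = $this->key($ip, $username);
            $this->prune($data, $k);
            $data[$k][] = time();
        });
    }

    // Clear the counter after a successful login.
    public function reset(string $ip, string $username): void
    {
        $this->withStore(function (array &$data) use ($ip, $username): void {
            unset($data[$this->key($ip, $username)]);
        });
    }

    // Key on IP and username together so a single source cannot spray one
    // account and one account cannot be hammered without the pair being tracked.
    private function key(string $ip, string $username): string
    {
        return hash('sha256', strtolower($username) . '|' . $ip);
    }

    // Drop timestamps older than the window and return the ones that remain.
    private function prune(array &$data, string $k): array
    {
        $cutoff = time() - self::WINDOW_SECONDS;
        $kept = array_values(array_filter($data[$k] ?? [], fn (int $t) => $t > $cutoff));
        if ($kept === []) {
            unset($data[$k]);
        } else {
            $data[$k] = $kept;
        }
        return $kept;
    }

    // Run $fn against the JSON store under an exclusive lock so concurrent
    // requests cannot race each other past the limit.
    private function withStore(callable $fn): mixed
    {
        $fh = fopen($this->storePath, 'c+');
        if ($fh === false || !flock($fh, LOCK_EX)) {
            throw new RuntimeException('rate-limit store unavailable');
        }
        $raw    = stream_get_contents($fh);
        $data   = $raw === '' ? [] : (json_decode($raw, true) ?? []);
        $result = $fn($data);
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($data));
        fflush($fh);
        flock($fh, LOCK_UN);
        fclose($fh);
        return $result;
    }
}

// --- login.php request handling (illustrative) ---
$limiter  = new LoginRateLimiter('/var/lib/quiz/login_attempts.json'); // assumed path, outside the web root
$ip       = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
$username = (string) ($_POST['username'] ?? '');
$password = (string) ($_POST['password'] ?? '');

if ($limiter->isBlocked($ip, $username)) {
    http_response_code(429);
    header('Retry-After: ' . LoginRateLimiter::WINDOW_SECONDS);
    exit('Too many login attempts. Please try again later.');
}

if (credentialsValid($username, $password)) {   // hypothetical hook into the app's own check
    $limiter->reset($ip, $username);
    // ... establish the session and redirect ...
} else {
    $limiter->recordFailure($ip, $username);
    // Same message for an unknown user and a wrong password, so the response
    // no longer tells a guesser which half of the credential was wrong.
    http_response_code(401);
    exit('Invalid username or password.');
}
```

The limiter addresses the brute-force vector; the plaintext transmission noted in the description is a transport concern, and the login page should additionally be served only over HTTPS so that the captured request in step two does not expose the password in the first place. The file-based store is deliberately simple; a deployment with several PHP workers or hosts would back the same logic with a shared store such as the application's database.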