RupeeWeb Trading Platform Missing Rate Limiting Vulnerability on OTP Requests

Vulnerability

A vulnerability exists in the RupeeWeb trading platform, all versions prior to 66.9, due to the absence of rate limiting on One-Time Password (OTP) requests in certain API endpoints. This flaw allows authenticated remote attackers to send multiple OTP requests through the affected endpoints, potentially leading to OTP bombing or flooding on the targeted system.

Impact

Exploitation of this vulnerability could result in OTP bombing, causing disruption by flooding the target system with excessive OTP requests.

Remediation

Users are advised to upgrade RupeeWeb to version 66.9.
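
The control whose absence is described above, as an added example: this is not RupeeWeb code and does not describe how version 66.9 fixes the issue. It limits OTP issuance per authenticated account and per destination, so that neither one account nor several accounts can flood a single recipient. The class and function names, the limits (3 per 600 s, 30 s cooldown) and the existence of a destination field are assumptions.

```python
import time
from collections import defaultdict, deque


class OtpRateLimiter:
    """Sliding-window limiter for OTP issuance (hypothetical names and limits)."""

    def __init__(self, max_per_window=3, window_s=600, cooldown_s=30, clock=time.monotonic):
        self.max_per_window, self.window_s = max_per_window, window_s
        self.cooldown_s, self.clock = cooldown_s, clock
        self._sent = defaultdict(deque)  # key -> timestamps of issued OTPs

    def _check(self, key, now):
        q = self._sent[key]
        while q and now - q[0] >= self.window_s:  # drop sends outside the window
            q.popleft()
        if q and now - q[-1] < self.cooldown_s:
            return "cooldown"
        if len(q) >= self.max_per_window:
            return "window_limit"
        return None

    def allow(self, account_id, destination):
        """Decide before sending; both the account and the recipient must pass."""
        now = self.clock()
        keys = (("acct", account_id), ("dest", destination))
        for key in keys:
            reason = self._check(key, now)
            if reason:
                return False, f"{key[0]}:{reason}"
        for key in keys:  # record only OTPs that are actually issued
            self._sent[key].append(now)
        return True, "ok"


def simulate(requests, **limits):
    """Replay (time_s, account, destination) tuples and return each decision."""
    now = [0.0]
    limiter = OtpRateLimiter(clock=lambda: now[0], **limits)
    decisions = []
    for ts, account, dest in requests:
        now[0] = ts
        decisions.append(limiter.allow(account, dest))
    return decisions


DEST = "+000000000001"  # constructed number; u1 floods it, then u2 targets it
SAMPLE = [(t, "u1", DEST) for t in (0, 5, 40, 80, 120)]
SAMPLE += [(130, "u2", DEST), (700, "u1", DEST)]
```

In a deployment with more than one application instance, the counters would be kept in a shared store rather than in process memory.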

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.