macrozheng mall Improper Restriction of Excessive Authentication Attempts Vulnerability
Vulnerability
A vulnerability exists in macrozheng mall version 1.0.3 and prior: the admin login component does not adequately limit excessive authentication attempts. Because failed logins are not restricted, unauthenticated remote attackers can run brute force attacks against the login and bypass authentication. The root cause is improper management of authentication attempts, which leaves the system open to exploitation.
Impact
Exploitation of this vulnerability could lead to unauthorized access through brute force authentication bypass, allowing attackers to gain administrative privileges.
Reproduction
To reproduce this vulnerability, initiate a brute force attack on the admin login page of the macrozheng mall application version 1.0.3 or earlier. The application does not properly limit the number of failed login attempts, allowing for repeated tries with different passwords. Monitor the response status and content length to confirm the bypass.
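As an added illustration of the missing control (not code from mall itself), the following per-account failed-login limiter shows the behaviour the admin login lacks: after a threshold of failures the account is locked for a window, and even the correct password is rejected until the window expires. All names, thresholds and the credential store are hypothetical and constructed for the example.

```python
import time
from collections import defaultdict

# Added illustration, not mall's own code: a per-account failed-login limiter
# of the kind the advisory says the admin login lacks. Names and thresholds
# are hypothetical; a real deployment would also key on source IP and keep
# counters in shared storage (e.g. Redis) rather than process memory.

MAX_FAILURES = 5          # failures allowed before the account is locked
LOCKOUT_SECONDS = 300     # how long the lock lasts

# Constructed credential store for the demo (never store plaintext in reality).
USERS = {"admin": "correct-horse-battery-staple"}


class LoginLimiter:
    def __init__(self, now=time.time):
        self.now = now                       # injectable clock for testing
        self.failures = defaultdict(int)     # username -> consecutive failures
        self.locked_until = {}               # username -> unix time lock expires

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.now() >= until:              # lock expired: reset state
            del self.locked_until[user]
            self.failures[user] = 0
            return False
        return True

    def attempt(self, user, password):
        """Return 'locked', 'ok' or 'bad'. A locked account rejects even the
        correct password, which is what stops an online guessing attack."""
        if self.is_locked(user):
            return "locked"
        if USERS.get(user) == password:      # demo compare; use a password hash
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = self.now() + LOCKOUT_SECONDS
        return "bad"


def simulate(guesses, clock):
    """Replay a constructed guessing sequence against 'admin'; returns outcomes."""
    limiter = LoginLimiter(now=clock)
    return [limiter.attempt("admin", g) for g in guesses]
```

The same limiter also gives a detection signal: a burst of "bad" results for one account, or "locked" responses, is exactly what a login-attempt log should alert on.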