This repository has been archived by the owner on Feb 1, 2023. It is now read-only.
DOS Exploit #43
Comments
# for free
to subscribe to this conversation on GitHub.
Already have an account?
#.
{{ message }}
Hey, just wanted to let you know I've gotten reports from users of my library: Nbvcxz that are getting a DOS every so often by specifically crafted passwords.
I even found a tool created by a government contractor used for issuing a DOS against programs using libraries containing the vulnerable (to combination explosion) algorithms from the original zxcvbn implementation:
I've solved this by implementing a maxLength type configuration...but that isn't totally done yet as I feel like I still need to have it do dictionary checks against the full-length password without any transformations. Working on finishing that feature and putting out a release.
The text was updated successfully, but these errors were encountered: