easy fix for users for this problem:
1. Don't keep any funds or BTC on bitstamp
2. Change your password when you plan to send funds to your account. (before you send)
3. When you do send funds to bitstamp either buy or sell and withdrawal immediately.
Topic: Bitstamp bruteforce attack on 2FA (Read 923 times)
They are in no hurry to correct obvious bugs
it is very bad for their reputation
it is very bad for their reputation
They should freeze account login after 3-5 failed attempts.
or freeze 2FA on 1 hour after 3 failed attempts
The code changes every 30 seconds, so you can try the same 50 codes every 30 seconds and hope to get lucky over time.
you just need generate random codes30 sec has no effect its just probability theory
this is horrible if there's no limit from bitstamp for failed attemps
someone could get lucky after several tries, and get BTC from user balance
freeze account login after several failed attemps is must implement in bitstamp
no fixed time to break it, just pure luck
someone could get lucky after several tries, and get BTC from user balance
freeze account login after several failed attemps is must implement in bitstamp
i send 100 request per minute
to break bitstamp login 2fa you need only 7 days
what is 7 days? the google code change every 30 secondsto break bitstamp login 2fa you need only 7 days
no fixed time to break it, just pure luck
yes 7 days its mean
100 random codes in minute its 1000000/100 minutes = 7 days
7 days - average value
this is horrible if there's no limit from bitstamp for failed attemps
someone could get lucky after several tries, and get BTC from user balance
freeze account login after several failed attemps is must implement in bitstamp
no fixed time to break it, just pure luck
someone could get lucky after several tries, and get BTC from user balance
freeze account login after several failed attemps is must implement in bitstamp
i send 100 request per minute
to break bitstamp login 2fa you need only 7 days
what is 7 days? the google code change every 30 secondsto break bitstamp login 2fa you need only 7 days
no fixed time to break it, just pure luck
That's problematic, they need to set up more parameters to prevent access. Agree, lock out should be implemented.
They should freeze account login after 3-5 failed attempts.
The code changes every 30 seconds, so you can try the same 50 codes every 30 seconds and hope to get lucky over time.
i send 100 request per minute
to break bitstamp login 2fa you need only 7 days
to break bitstamp login 2fa you need only 7 days
Bitstamp doesnt have protection against bruteforce attack on 2FA
Have you contacted them prior to posting this here?yes today contacted
Bitstamp doesnt have protection against bruteforce attack on 2FA
Have you contacted them prior to posting this here?
Bitstamp doesnt have protection against bruteforce attack on 2FA
Jump to: