At one point in time, I decided to move all my passwords to a password manager, because beforehand, I would use the same password for everything, and that's not very secure. As I was doing this for Audiotool, however, it didn't prompt me to save my password in the manager and I almost lost access to the account. Luckily, all generated passwords are saved locally to the machine and I was able to figure it out. While doing so, I came across an unfortunate exploit that is necessary for Audiotool to patch as soon as possible.
Despite me being lucky enough to get access back to my account, I had to try over 10 or 15 unique different passwords beforehand, many of which I attempted multiple times. In this regard, Audiotool.com has unlimited password attempts, which is really, really bad. Attempts should be limited and require precautionary measures such as captchas in order to continue. Taking this into consideration, this could be exploited to create automated processes to "hack" users' passwords and that's no fun for the receiving end. Precautionary measures often break automated processes from continuing because they often can't be solved by them.
NOTE: I listed this as a bug primarily because I believe it is an oversight in the design of Audiotool.com and needs to be addressed as soon as possible. If you see it as a feature request, however, I'm fine with the topic being moved; I just wanted to draw initial attention to the concerning issue.
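The mitigation the post asks for (limited attempts, then a captcha to continue) can be sketched as a server-side throttle. This is an added example, not part of the original post and not Audiotool's code; the class name, thresholds and lockout times are assumptions chosen for illustration.

```python
import time
from collections import deque

CAPTCHA_AFTER = 3   # failures in the window before a CAPTCHA is required (assumed)
LOCK_AFTER = 5      # failures in the window before attempts are refused (assumed)
WINDOW = 15 * 60    # seconds a failed attempt is remembered (assumed)
BASE_LOCK = 60      # first lockout in seconds; doubles with each further failure


class LoginThrottle:
    """Tracks failed logins per key (an account name, a client IP, or both)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so the logic can be tested
        self.failures = {}          # key -> deque of recent failure timestamps
        self.locked_until = {}      # key -> time at which the lockout expires

    def _recent(self, key):
        """Drop failures older than WINDOW and return how many remain."""
        q = self.failures.get(key)
        if not q:
            return 0
        cutoff = self.clock() - WINDOW
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def check(self, key):
        """Call before verifying the password: 'allow', 'captcha' or 'locked'."""
        if self.locked_until.get(key, 0) > self.clock():
            return "locked"
        return "captcha" if self._recent(key) >= CAPTCHA_AFTER else "allow"

    def record(self, key, success):
        """Call after verifying the password; a success clears the history."""
        if success:
            self.failures.pop(key, None)
            self.locked_until.pop(key, None)
            return
        self.failures.setdefault(key, deque()).append(self.clock())
        extra = self._recent(key) - LOCK_AFTER
        if extra >= 0:  # exponential backoff: 60 s, 120 s, 240 s, ...
            self.locked_until[key] = self.clock() + BASE_LOCK * 2 ** extra
```

Keying on the account name alone lets anyone lock a user out by guessing wrong on purpose, so a deployment would normally track the client address as well and prefer the captcha step over long lockouts.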
Comments (11)
Yes, I think this should be patched, because, as you said, many accounts could be hacked and lost.
HELP
I second this
HELP HERE : https://mathisrobert57220.wixsite.com/helpmaster/apollo-atsecmeasures
I second your seconding of this, lol
Why am I unable to reply?
nvm fixed
:>
I second your seconding of seconding of this
Thanks for bringing this up, we will look into this.
Yep, unlimited is bad
In theory a strong password is secure enough to withstand any off-the-shelf brute-force attack.
But a little extra security doesn't hurt.