Bitstamp bruteforce attack on 2FA

[somenick]

Bitstamp doesnt have protection against bruteforce attack on 2FA

[1714735966]

1714735966

[poordeveloper]

Bitstamp doesnt have protection against bruteforce attack on 2FA

Have you contacted them prior to posting this here?

[somenick]

Bitstamp doesnt have protection against bruteforce attack on 2FA

Have you contacted them prior to posting this here?

its not fatal
yes today contacted

[somenick]

i send 100 request per minute
to break bitstamp login 2fa you need only 7 days

[Sukrim]

The code changes every 30 seconds, so you can try the same 50 codes every 30 seconds and hope to get lucky over time.

[arbitrage001]

They should freeze account login after 3-5 failed attempts.

[Otsu]

That's problematic, they need to set up more parameters to prevent access. Agree, lock out should be implemented.

[BigBoy89]

this is horrible if there's no limit from bitstamp for failed attemps
someone could get lucky after several tries, and get BTC from user balance
freeze account login after several failed attemps is must implement in bitstamp

i send 100 request per minute
to break bitstamp login 2fa you need only 7 days

what is 7 days? the google code change every 30 seconds
no fixed time to break it, just pure luck

[somenick]

this is horrible if there's no limit from bitstamp for failed attemps
someone could get lucky after several tries, and get BTC from user balance
freeze account login after several failed attemps is must implement in bitstamp

i send 100 request per minute
to break bitstamp login 2fa you need only 7 days

what is 7 days? the google code change every 30 seconds
no fixed time to break it, just pure luck

yes 7 days its mean

100 random codes in minute its 1000000/100 minutes = 7 days
7 days - average value

[somenick]

The code changes every 30 seconds, so you can try the same 50 codes every 30 seconds and hope to get lucky over time.

you just need generate random codes
30 sec has no effect its just probability theory

[somenick]

They should freeze account login after 3-5 failed attempts.

or freeze 2FA on 1 hour after 3 failed attempts

[somenick]

They are in no hurry to correct obvious bugs
it is very bad for their reputation

[smoothie]

easy fix for users for this problem:

1. Don't keep any funds or BTC on bitstamp

2. Change your password when you plan to send funds to your account. (before you send)

3. When you do send funds to bitstamp either buy or sell and withdrawal immediately.