▲ 1 r/bugbounty
Hello, I'm new.
Question and curiosity: why is brute force always forbidden?
It is a question. Brute force is useful in some cases.
I had a report flagged as out of scope that proved ATO using hard brute force on weak auth on a program.
I knew it was going to be out of scope, but if I were robbing their site, it is still a valid scenario. No rate limit, with 130 parallel workers bypassing captcha to get no-click ATO in the 4-digit case.
Reported anyway. Big site, and ATO there could lead to integrated login. Company now knows. Low pay, did it for free.
I wonder: does the company know we use this to steal when they mark brute force as out of scope? Real crime does not care.
u/Beginning_Award65 — 17 days ago