Thunderbolt route management login can be cracked (high probability)
The login to the thunder route management can be cracked, and the last four pure numbers of the SN login method is weak.
Thunderbolt route management login can be cracked
Because the last four digits of the SN are used to log on to the thunder route, the password range of this method is 0000 ~ 9999.
The total number of password combinations is 10000. The API method can be cracked without any restrictions!
POST http://www.peiluyou.com: 9999/offlinelogin? _ Act _ = offLineLogin & pdtid = 3 & routerId = xxxxxx & uid = null
POST parameter: data = {"SN": "xxxx "}
Last 4 digits of SN
Password error code:
Var userData = {"errorCode": "1803", "errorMsg": "Incorrect logon password "}
Correct password:
Var userData = {"errorCode": "0", "uid": "xxxxxx "}
Solution:
What are the restrictions on wrong login? 10 times per minute?