231 – Message flooding
Description
It is possible to send mass messages to the phones numbers and emails of the victims, causing saturation of the inbox and consuming resources of the user.
Impact
- Flood the inbox of the victim. - Increase abruptly the consumed resources of the device. - Hide important information from other messages. - Facilitate other attacks like phishing.
Recommendation
Restrict the consecutive sending of messages through mechanisms such as time delays or controls over the amount of messages sent. Implement a verification system such as CAPTCHA to ensure that messages are not sent by bots or automated scripts.
Threat
External attacker with access to the code.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): N
- Integrity (VI): L
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: X