Craft CMS possibility of brute force attempts
Critical severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2024
Description
Published by the National Vulnerability Database
Oct 24, 2019
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Feb 1, 2024
Last updated
Feb 1, 2024
In Craft CMS before 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
References