In Craft CMS up to and including 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
craftcms craft cms |