Описание
Craft CMS possibility of brute force attempts
In Craft CMS before 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Пакеты
Наименование
craftcms/cms
composer
Затронутые версииВерсия исправления
< 3.1.7
3.1.7
Связанные уязвимости
CVSS3: 9.8
nvd
больше 6 лет назад
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.