SS-2016-005: Brute force bypass on default admin

Severity: High
Identifier: SS-2016-005
Versions Affected: 3.1.18, 3.2.3, 3.3.1
Versions Fixed: 3.1.19, 3.2.4, 3.3.2
Release Date: 2016-05-11

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins, resulting in unlimited attempts on the default admin username and password.

Credit: Will Rossiter
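
The flaw class described above, as a simplified model added here for illustration; it is not SilverStripe's code. The `LoginGate` class, the threshold, the lockout window and all credentials are assumptions constructed for the example, with `count_default_admin=False` reproducing the missing failure count and `True` showing the corrected behaviour.

```python
import hmac
import time

MAX_FAILURES = 5        # assumed lockout threshold
LOCKOUT_SECONDS = 900   # assumed lockout window


class LoginGate:
    """Toy authenticator: one config-defined default admin plus stored members."""

    def __init__(self, default_admin, members, count_default_admin):
        self.default_admin = default_admin              # (username, password), constructed
        self.members = members                          # {username: password}, constructed
        self.count_default_admin = count_default_admin  # False models the flaw
        self.failures = {}                              # username -> (count, locked_until)

    def _locked(self, user, now):
        return self.failures.get(user, (0, 0.0))[1] > now

    def _record_failure(self, user, now):
        count = self.failures.get(user, (0, 0.0))[0] + 1
        until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[user] = (count, until)

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        is_default = hmac.compare_digest(user.encode(), self.default_admin[0].encode())
        # Flawed variant: the default admin path skips both the lock check and the counter.
        tracked = self.count_default_admin or not is_default
        if tracked and self._locked(user, now):
            return "locked"
        expected = self.default_admin[1] if is_default else self.members.get(user)
        ok = expected is not None and hmac.compare_digest(password.encode(), expected.encode())
        if ok:
            self.failures.pop(user, None)
            return "ok"
        if tracked:
            self._record_failure(user, now)
        return "denied"


def attempts_allowed(gate, user, tries=20):
    """Count how many wrong guesses are actually evaluated before lockout applies."""
    results = [gate.login(user, f"wrong-{i}", now=1000.0) for i in range(tries)]
    return results.count("denied")
```

A regression test for a fix of this kind should assert that the default admin account reaches the locked state after the same number of failures as an ordinary member.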