SS-2016-005: Brute force bypass on default admin
- Severity:
- High (?)
- Identifier:
- SS-2016-005
- Versions Affected:
- 3.1.18, 3.2.3, 3.3.1
- Versions Fixed:
- 3.1.19, 3.2.4, 3.3.2
- Release Date:
- 2016-05-11
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.
Credit: Will RossiterĀ