When Memcached is used as backend:
https://github.com/nextcloud/server/blob/c705b8fcb3de7910e67cd2ed2d2b38653f58962a/lib/private/Server.php#L787-L799
The following code block is problematic:
https://github.com/nextcloud/server/blob/90104bc1c448c6da2fd3e052fca75bb3fb261c87/lib/private/Memcache/Memcached.php#L135-L139
I guess we need to check the actual cache type and use the DB backend when Memcached is used?
Any action that partly resets any cache entry will wipe rate limit attempts and future bruteforce protection (with https://github.com/nextcloud/server/pull/39870 )