7.2 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.8%
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html
github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31