Monstra 3.0.1 Bruteforce Mitigation Bypass

2014-11-12 00:00:00
Paulos Yibelo
packetstormsecurity.com

EPSS: 0.003 (Low), percentile 65.8%

Monstra <= 3.0.1 Admin Bruteforce Limit Bypass

admin/index.php, lines 33-42:

```php
// Admin login
if (Request::post('login_submit')) {

    // The attempt counter is read from a cookie supplied by the client.
    if (Cookie::get('login_attempts') && Cookie::get('login_attempts') >= 5) {

        $login_error = __('You are banned for 10 minutes. Try again later', 'users');

    } else {

        $user = $users->select("[login='" . trim(Request::post('login')) . "']", null);
    }
    // ... remainder of the login handler (not quoted in the advisory)
}
```

The code throttles brute-force attempts solely by setting a cookie called "login_attempts" in the client's browser. Because the counter lives entirely on the client, an attacker can craft a brute-force script that clears the cookie or simply never sends cookies at all, so the five-attempt limit is never reached.
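The following is an added example, not Monstra's code, that models the quoted check in Python and sets it beside a server-side alternative: the cookie-based throttle stops counting as soon as the client drops the cookie, while a counter keyed by account and client address on the server keeps working no matter what the client sends. The `USERS` table, the client address, and the `run_guesses` harness are constructed for illustration; the 5-attempt threshold and 10-minute ban are the values from the quoted code.

```python
"""Cookie-based versus server-side login throttling.

Added example (not Monstra's code): models the quoted admin/index.php check
in Python. USERS, the client address and run_guesses are constructed for
illustration; the 5-attempt / 10-minute values come from the quoted code.
"""
import hmac
import time
from collections import defaultdict

MAX_ATTEMPTS = 5        # same threshold as the quoted check
BAN_SECONDS = 10 * 60   # "You are banned for 10 minutes"

# Constructed stand-in for the $users table queried by $users->select(...)
USERS = {"admin": "correct horse battery staple"}


def credentials_valid(login, password):
    """Constant-time comparison against the stored secret for `login`."""
    stored = USERS.get(login)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


class CookieThrottle:
    """The vulnerable pattern: the attempt counter is a cookie the client
    sends back, so the client decides what the counter says."""

    def attempt(self, login, password, cookies):
        attempts = int(cookies.get("login_attempts", 0))
        if attempts >= MAX_ATTEMPTS:
            return False, "banned", {}
        if credentials_valid(login, password):
            return True, "ok", {"login_attempts": "0"}
        return False, "bad password", {"login_attempts": str(attempts + 1)}


class ServerThrottle:
    """The hardened pattern: failure count and ban expiry live on the server,
    keyed by account and client address, so nothing the client omits or
    clears can reset them."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock                 # injectable for testing
        self.failures = defaultdict(int)   # (login, ip) -> consecutive failures
        self.banned_until = {}             # (login, ip) -> expiry timestamp

    def attempt(self, login, password, client_ip):
        key = (login, client_ip)
        now = self.clock()
        expiry = self.banned_until.get(key)
        if expiry is not None:
            if now < expiry:
                return False, "banned"     # reject before touching the user store
            del self.banned_until[key]     # ban expired: start a fresh window
            self.failures[key] = 0
        if credentials_valid(login, password):
            self.failures.pop(key, None)
            return True, "ok"
        self.failures[key] += 1
        if self.failures[key] >= MAX_ATTEMPTS:
            self.banned_until[key] = now + BAN_SECONDS
        return False, "bad password"


def run_guesses(throttle, guesses, honor_cookies=True, client_ip="203.0.113.7"):
    """Feed password guesses for 'admin' through a throttle and count how many
    reached the credential check. honor_cookies=False models a client that
    never sends login_attempts back (only meaningful for CookieThrottle).
    Returns (guesses_checked, logged_in)."""
    jar = {}
    checked = 0
    for guess in guesses:
        if isinstance(throttle, CookieThrottle):
            ok, status, set_cookies = throttle.attempt(
                "admin", guess, jar if honor_cookies else {})
            if honor_cookies:
                jar.update(set_cookies)
        else:
            ok, status = throttle.attempt("admin", guess, client_ip)
        if status != "banned":
            checked += 1
        if ok:
            return checked, True
    return checked, False


if __name__ == "__main__":
    wrong = ["wrong-%d" % i for i in range(20)]
    print("cookie throttle, cookies honoured:", run_guesses(CookieThrottle(), wrong))
    print("cookie throttle, cookies dropped :", run_guesses(CookieThrottle(), wrong, honor_cookies=False))
    print("server throttle                  :", run_guesses(ServerThrottle(), wrong))
```

With twenty wrong guesses, the cookie throttle admits only five when the client returns the cookie but all twenty when it does not, whereas the server throttle admits five regardless and then rejects even a correct password until the ban expires. In a real deployment the counter store has to be shared across worker processes (a database table or cache rather than an in-memory dict), and the key choice is a trade-off: keying on client address alone is weak against guessing spread over many sources, while keying on the account alone lets anyone lock a user out, which is why a short temporary ban like the 10 minutes here is preferred over a permanent lock.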

