CVE-2014-9006
Monstra 3.0.1 and earlier are affected: the login flow uses a cookie (login_attempts) to count login attempts. The root cause is cookie-based tracking that can be bypassed by deleting the cookie or setting it to specific values, enabling brute-force login attempts. The PacketStorm writeup shows a...