wagtail is vulnerable to timing attack. The password check in the Privacy
controls is performed by a character-by-character string comparison allows an attacker to measure the time taken to perform the check. It is found that there is a high degree of accuracy which would allow an attacker to discover user credentials.