NuytsTech Security

CVE-2019-15929

by ·

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

Date published : 2019-10-24

http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html

https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317—2019-01-31

Tags: