In Craft CMS through 3.1.7, the elevated session password prompt was not rate limited the way normal login forms are, which made brute-force attempts against the prompt possible.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| craftcms/cms (Packagist) | 0 | 3.1.7 | N/A |

CVSS Metrics