by Capricorn2481 39 days ago
> and one where the password lockout system meant that you could DDoS all admin access trivially

What happened there?


Password attempt lockouts were not scoped to anything besides the account itself. By just spamming a few attempts per account you could lock all admin accounts, meaning that there was no admin to unlock the other accounts.

The only solution in such a case would be to manually remove the lockout flags in the db.
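The failure mode described in the reply (a lockout keyed on the account alone, so a few bad guesses from anywhere lock every admin) next to a lockout scoped per account and source, as an added illustration that is not code from the thread. Account names, IP addresses and thresholds are constructed for the simulation.

```python
from collections import defaultdict
from dataclasses import dataclass, field

MAX_FAILS = 5         # per-account (or per account+source) lock threshold
SOURCE_THROTTLE = 10  # total failures tolerated from one source


@dataclass
class NaiveLockout:
    """Failures counted per account only: any source can lock any account."""
    fails: dict = field(default_factory=lambda: defaultdict(int))

    def record_failure(self, account, source):
        self.fails[account] += 1

    def is_locked(self, account, source):
        return self.fails[account] >= MAX_FAILS


@dataclass
class ScopedLockout:
    """Failures counted per (account, source). A source that fails repeatedly
    is throttled itself, so it cannot lock the account for other sources."""
    fails: dict = field(default_factory=lambda: defaultdict(int))
    source_fails: dict = field(default_factory=lambda: defaultdict(int))

    def record_failure(self, account, source):
        self.fails[(account, source)] += 1
        self.source_fails[source] += 1

    def is_locked(self, account, source):
        return (self.fails[(account, source)] >= MAX_FAILS
                or self.source_fails[source] >= SOURCE_THROTTLE)


def spray_failures(policy, accounts, source, attempts):
    """Record `attempts` failed logins per account from one source."""
    for account in accounts:
        for _ in range(attempts):
            policy.record_failure(account, source)


def admin_can_login(policy, account, source):
    """Only the lockout gate is modelled; the password is assumed correct."""
    return not policy.is_locked(account, source)


def simulate(policy):
    """Constructed scenario: MAX_FAILS bad guesses per admin from one source,
    then each admin tries to log in from their own, separate address."""
    admins = ["alice", "bob"]
    spray_failures(policy, admins, "198.51.100.7", MAX_FAILS)
    return {a: admin_can_login(policy, a, "10.0.0.5") for a in admins}
```

Per-source scoping alone is weakened when failures arrive from many addresses, so in practice it is paired with step-up checks on the account (a challenge or second factor) rather than a hard lock, and with a break-glass admin path that the lockout cannot reach.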