by SahAssar 35 days ago
Password attempt lockouts were not scoped to anything besides the account itself. By just spamming a few attempts per account you could lock all admin accounts, meaning that there was no admin to unlock the other accounts.

The only solution in such a case would be to manually remove the lockout flags in the db.
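
As a defensive illustration of the scoping problem described in the comment above (an added example, not part of the comment and not the code of the system it describes): a failed-login throttle keyed by (account, source) with blocks that expire on their own, so repeated failures from one source cannot deny the account to everyone else. The class name, thresholds and addresses are assumptions made up for this sketch.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold (not from the comment)
WINDOW_SECONDS = 900    # assumed window; blocks expire without admin action


class ScopedLockout:
    """Failed-login throttle keyed by (account, source), not by account alone."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock
        self._failures = defaultdict(deque)  # (account, source) -> timestamps

    def _recent(self, key):
        # Drop failures older than the window so no permanent flag is stored.
        q = self._failures[key]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def is_blocked(self, account, source):
        return len(self._recent((account, source))) >= self.max_failures

    def record_failure(self, account, source):
        self._recent((account, source)).append(self.clock())

    def record_success(self, account, source):
        self._failures.pop((account, source), None)


def demo():
    now = [0.0]  # fake clock so the example runs instantly
    guard = ScopedLockout(clock=lambda: now[0])
    # Constructed input: one source fails repeatedly against the admin account.
    for _ in range(10):
        guard.record_failure("admin", "203.0.113.7")
    results = {
        "noisy_source_blocked": guard.is_blocked("admin", "203.0.113.7"),
        "admin_elsewhere_blocked": guard.is_blocked("admin", "198.51.100.20"),
    }
    now[0] += WINDOW_SECONDS + 1
    results["noisy_source_blocked_after_window"] = guard.is_blocked(
        "admin", "203.0.113.7")
    return results
```

Per-source scoping alone does not limit guessing spread across many sources, so it is normally paired with a global per-account rate limit or alerting that slows attempts without hard-locking the account.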