GHSA-8v6m-7f5v-hhx6: Silverstripe Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute-force protection afforded to other Member accounts. Failed login counts were not logged for default admins, resulting in unlimited attempts on the default admin username and password.
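The flaw described above, as a simplified model added here (not Silverstripe's code); the class and function names, the threshold and the lockout window are all assumptions. With throttle_default_admin=False the default admin path neither checks nor records failed logins, as the advisory describes, while True applies the same lockout as for members.

```python
import hmac
import time

MAX_FAILURES = 5            # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window

class LoginThrottle:
    """Counts failed logins per username and locks the name at the threshold."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}       # username -> consecutive failures
        self._locked_until = {}   # username -> time the lockout ends
    def is_locked(self, username):
        return self._clock() < self._locked_until.get(username, float("-inf"))
    def record_failure(self, username):
        self._failures[username] = self._failures.get(username, 0) + 1
        if self._failures[username] >= MAX_FAILURES:
            self._locked_until[username] = self._clock() + LOCKOUT_SECONDS
            self._failures[username] = 0
    def record_success(self, username):
        self._failures.pop(username, None)

class Authenticator:
    """Model login flow: one config-defined default admin plus stored members."""
    def __init__(self, default_admin, members, throttle_default_admin):
        self.default_admin = default_admin    # (username, password) from config
        self.members = members                # username -> password (plaintext only in this model)
        self.throttle_default_admin = throttle_default_admin
        self.throttle = LoginThrottle()
    def login(self, username, password):
        is_default = username == self.default_admin[0]
        throttled = self.throttle_default_admin or not is_default
        if throttled and self.throttle.is_locked(username):
            return "locked"
        expected = self.default_admin[1] if is_default else self.members.get(username)
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            self.throttle.record_success(username)
            return "ok"
        if throttled:   # the flawed variant skips this for the default admin
            self.throttle.record_failure(username)
        return "denied"

def guesses_before_lockout(auth, username, guesses):
    """Number of wrong guesses evaluated before a lockout, or None if none occurs."""
    for n, guess in enumerate(guesses):
        if auth.login(username, guess) == "locked":
            return n
    return None
```

The same comparison works as a regression check after upgrading: the default admin should lock after the same number of failures as any member account.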
References
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-005-1.yaml
- github.com/advisories/GHSA-8v6m-7f5v-hhx6
- github.com/silverstripe/silverstripe-framework
- github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
- www.silverstripe.org/download/security-releases/ss-2016-005