Impact
Lack of rate limiting on authentication views allows brute-force attacks.
Patches
Patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was created when the instance was set up.
Workarounds
Admins can update their nginx.conf files with the changes manually.
References
https://huntr.dev/bounties/ebee593d-3fd0-4985-bf5e-7e7927e08bf6/
For more information
If you have any questions or comments about this advisory:
Impact
Lack of rate limiting on authentication views allows brute-force attacks.
Patches
Patched in version 0.4.5. Admins with existing instances will need to update their
nginx.conffile that was created when the instance was set up.Workarounds
Admins can update their nginx.conf files with the changes manually.
References
https://huntr.dev/bounties/ebee593d-3fd0-4985-bf5e-7e7927e08bf6/
For more information
If you have any questions or comments about this advisory: