SS-2016-005: Brute force bypass on default admin

May 11, 2016

Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.

References

www.silverstripe.org/download/security-releases/ss-2016-005
github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2

Code Behaviors & Features

Detect and mitigate SS-2016-005 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →