PAD CMS Client-Side Brute-Force Protection Bypass Vulnerability

Vulnerability

A vulnerability exists in PAD CMS due to weak client-side brute-force protection implemented with two cookies, login_count and login_timeout. This information is not stored on the server, allowing attackers to bypass brute-force defenses by resetting these cookies. The vulnerability affects all three templates: www, bip, and www+bip.

Impact

Exploitation of this vulnerability allows attackers to bypass brute-force protection mechanisms, potentially leading to unauthorized access or account compromise.

Added: Sep 30, 2025, 11:58 AM

Updated: Sep 30, 2025, 11:58 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PAD CMS Client-Side Brute-Force Protection Bypass Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating