Team, I observed that there is no lockout policy in place, due to which a malicious actor could perform a brute-force attack against the login portal, which can lead to account takeover. At least there should be a throttling mechanism in place.
concrete5 Environment Information
Browser User-Agent String
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0