2009-11-23, 05:24 AM
MyBB's authentication system blocks excessive incorrect login attempts, however it appears to be solely cookie based. Deleting the loginattempts cookie that is set and incremented on each incorrect login appears to reset this limit.
Doesn't effectively having this limit controllable by the client defeat the purpose of limiting login attempts, or am I really missing something?
Doesn't effectively having this limit controllable by the client defeat the purpose of limiting login attempts, or am I really missing something?