<p>Authentication attempts made against /cgi-bin/luci/admin/ and ssh are not logged or limited in any way. An attacker can brute force passwords without any limitations or outward indications to a device administrator.</p>

<p>Lock out authentications after a number of failed attempts. Log failed attempts and present recent failures to the device administrator upon successful authentication.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br>Reply to this email directly or <a href='https://github.com/opentechinstitute/commotion-openwrt/issues/30'>view it on GitHub</a>.</p>
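
<p>A sketch of the three recommended controls (lockout, failure logging, showing recent failures on the next successful login), added here as an example; it is not code from the issue, LuCI or dropbear. The <code>Lockout</code> table, its function names, the policy values and the sample addresses are assumptions, and state is held in memory where a real device would persist it.</p>

```lua
-- Added example: hypothetical lockout tracker, not LuCI or dropbear code.
local Lockout = {}
Lockout.__index = Lockout

-- max, window and lock are assumed policy values (count, seconds, seconds).
function Lockout.new(max, window, lock)
  return setmetatable({ max = max, window = window, lock = lock,
                        counters = {}, failures = {} }, Lockout)
end

-- Record one authentication result. Returns "locked", "failed", or
-- "ok" plus the failures to present to the administrator.
function Lockout:attempt(user, source, password_ok, now)
  -- Counting per user AND source keeps an attacker at one address from
  -- locking the administrator out of every other address.
  local key = user .. "|" .. source
  local c = self.counters[key] or { times = {}, locked_until = 0 }
  self.counters[key] = c
  local log = self.failures[user] or {}
  self.failures[user] = log

  local locked = now < c.locked_until
  if locked or not password_ok then
    log[#log + 1] = { time = now, source = source }  -- log every rejection
  end
  if locked then return "locked" end   -- refuse even a correct password

  if password_ok then
    c.times = {}
    self.failures[user] = {}           -- shown once, then cleared
    return "ok", log
  end

  -- Keep only failures inside the sliding window, then add this one.
  local recent = {}
  for _, t in ipairs(c.times) do
    if now - t < self.window then recent[#recent + 1] = t end
  end
  recent[#recent + 1] = now
  c.times = recent
  if #recent >= self.max then c.locked_until = now + self.lock end
  return "failed"
end

-- Constructed sample run: three bad passwords, a correct password from the
-- locked-out source, then a correct password from a different source.
local l = Lockout.new(3, 300, 600)
for t = 1, 3 do print(t, l:attempt("root", "192.0.2.10", false, t)) end
print(4, l:attempt("root", "192.0.2.10", true, 4))
local status, seen = l:attempt("root", "198.51.100.7", true, 5)
print(5, status, #seen .. " rejected attempts since last login")
```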