0X0002

**Name of the Vulnerable Software and Affected Versions** Concrete CMS (previously concrete5) versions prior to 9.1 **Description** The issue is related to the lack of a rate limit for password resets in Concrete CMS. This could potentially allow for brute-force attacks on user passwords. **Recommendations** For versions prior to 9.1, update to version 9.1 or later to resolve the issue. As a temporary workaround, consider implementing a custom rate limit for password resets until a patch is available. Restrict access to the password reset functionality to minimize the risk of exploitation.