Description
The administrator login page is accessible to any IP address.
Bussines Impact
An attacker could exploit this finding to perform BruteForce on users / create a similar phishing page and more.
Recommendation
Define which IP addresses are allowed to access the administrator’s login page.