1. What is the issue? Please be detailed.
Impact:
By using brute forcing, one can guess the password of any user or admin and take over the account.
Fix:
Use CAPTCHA verification if many requests are sent.
2. What steps can we take to reproduce this issue?
3. What have you tried to fix the issue?
Restricting IP addresses, but that is not really a solution, as there are many in different countries that need to use the site.
4. Upload any test forms or screenshots below.
Please introduce CAPTCHA in ODK Central to fix the problem. Now not only the security guys of WUR but also other guys urge us to resolve this security flaw.
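
One way to implement the "CAPTCHA if many requests are sent" fix requested above, as an added example that is not part of the original post and not ODK Central's own code. Failures are counted per account rather than per IP address, so legitimate users in different countries are not blocked; `LoginThrottle`, `attemptLogin`, the thresholds and the `captchaOk` flag (the result of a CAPTCHA verification performed elsewhere) are all assumptions.

```javascript
// Added example with hypothetical names; in-memory state, single process only.
const normalize = (account) => String(account).trim().toLowerCase();

class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000 } = {}) {
    this.maxFailures = maxFailures; // failures allowed before a challenge
    this.windowMs = windowMs;       // sliding window length in milliseconds
    this.failures = new Map();      // account key -> failure timestamps (ms)
  }

  // Drop timestamps that aged out of the window and return the remainder.
  _recent(key, now) {
    const kept = (this.failures.get(key) || []).filter((t) => now - t < this.windowMs);
    if (kept.length) this.failures.set(key, kept);
    else this.failures.delete(key);
    return kept;
  }

  // True when the next attempt for this account must carry a solved CAPTCHA.
  challengeRequired(account, now = Date.now()) {
    return this._recent(normalize(account), now).length >= this.maxFailures;
  }

  recordFailure(account, now = Date.now()) {
    const key = normalize(account);
    const kept = this._recent(key, now);
    kept.push(now);
    this.failures.set(key, kept);
  }

  // A successful login clears only that account's own counter.
  recordSuccess(account) {
    this.failures.delete(normalize(account));
  }
}

// Gate a login attempt. The password is not evaluated at all while a challenge
// is outstanding, so automated guesses get no signal about correctness.
function attemptLogin(throttle, { account, password, captchaOk }, checkPassword, now) {
  if (throttle.challengeRequired(account, now) && !captchaOk) return 'challenge_required';
  if (checkPassword(account, password)) {
    throttle.recordSuccess(account);
    return 'ok';
  }
  throttle.recordFailure(account, now);
  return 'invalid_credentials';
}
```

Failures for unknown account names are counted the same way as for real ones, so the response does not reveal which accounts exist.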