The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.Referenceshttps://www.drupal.org/node/2344423https://www.drupal.org/node/2344389
