The Abyss Web Server v1.1.2 and below allow unlimited brute force password guessing on the remote admin management port, tcp 9999 with no logging or delay.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/30820/abyss.brute.txt
Source: https://packetstormsecurity.com/files/30820/abyss.brute.txt.html