No, that’s the thing. This bug wasn’t just present on client side, if it was so then it wouldn’t be a bug at all. This allowed me to manipulate the number of login attempts I could make, as they carried out the check only on the client side.

I agree with you on the part that many a times these parameters are found on the client side but even if we change them that doesn’t stay that way and the server changes it back to the original value.