There currently is no automatic logout, and since one can use the URL to provide log-in parameters, this could be used to force-guess passwords.
Details (copied from Security Report):
Test Type: Application
Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html (Parameter = mgnlUserPSWD)
Remediation Tasks: Enforce account lockout after several failed login attempts