Wrong error message in case of repeated authentication failure

Reproduction step:

• Try to login with an user (let's say Admin) 3 times with a wrong password
• Leave the login page (back to home, or just open a new tab)
• Try again to login from a clean login page (not one loaded after 3 failed attempts) with the right password

Obtained result:

• An error message will say that there's "invalid credentials" (see screenshot)

Expected result:

• I guess the error message should talk about a security issue? Not quite sure how we should present it.