If the page has "Remember Me" functionality check how is it implemented and see if you can abuse it to takeover other accounts.
Pages usually redirects users after login, check if you can alter that redirect to cause an Open Redirect. Maybe you can steal some information (codes, cookies...) if you redirect the user to your web.
Check if you can enumerate usernames abusing the login functionality.
Check if auto-complete is active in the password/sensitive information formsinput: <input autocomplete="false"