Open-source Mail Hosting and Management application, Modoboa <= v2.0.3, does not restrict unauthenticated login attempts allowing for brute force attacks at the login page.

• https://www.cve.org/CVERecord?id=CVE-2023-0860

• https://nvd.nist.gov/vuln/detail/CVE-2023-0860

• https://huntr.dev/bounties/64f3ab93-1357-4468-8ff4-52bbcec18cca/

Vulnerability discovered and reported by Kevin Suckiel (@0xsu3ks) January, 2023.