An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.