This module enables you to login with an email address.
The module doesn't sufficiently check if a user account is active when using email login.
This vulnerability is mitigated by the fact that an attacker must have an account in the website that is blocked.