CVE-2023-0860

HIGH

modoboa installer < 2.0.4 - Improper Restriction of Excessive Authentication Attempts

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-0860. PoCs published by 0xsu3ks.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2023-0860, detailing an unauthenticated brute force vulnerability in Modoboa Mail Hosting and Management application versions <= 2.0.3. The vulnerability allows attackers to perform brute force attacks on the login page due to lack of login attempt restrictions.

Description

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.

Exploits (1)

nomisec WRITEUP
by 0xsu3ks · poc
https://github.com/0xsu3ks/CVE-2023-0860

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Modoboa Mail Hosting and Management application <= v2.0.3
No auth needed
Prerequisites: Network access to the Modoboa login page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.0050
EPSS Percentile 66.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-307
Status published
Products (2)
modoboa/installer < 2.0.4
pypi/modoboa 0 - 2.0.4 (PyPI)
Published Feb 16, 2023
Tracked Since Feb 18, 2026