# 2FA Code Brute-forceable

### Severity: 

<mark style="color:green;">**Low**</mark>

### How to test:

1. Submit invalid account credentials and a valid captcha on the login form.
2. Capture the request with a proxy. It can be submitted multiple times and with different authentication data.