
Roman Shchekin

#50149 of 53,633
4.8 Total CVSS
Vulnerabilities · 1
PT-2024-33253
4.8
2024-12-16
Mattermost · Mattermost · CVE-2024-48872
**Name of the Vulnerable Software and Affected Versions**

- Mattermost versions 9.5.x through 9.5.12
- Mattermost versions 9.11.x through 9.11.4
- Mattermost versions 10.0.x through 10.0.2
- Mattermost versions 10.1.x through 10.1.2

**Description**

The issue allows an attacker to bypass the "Max failed attempts" restriction by sending multiple login requests simultaneously, which can lead to a large number of login attempts before being blocked. This is due to the software's failure to prevent concurrent checking and updating of failed login attempts.

**Recommendations**

- For versions 9.5.x through 9.5.12, update to a version newer than 9.5.12 to resolve the issue.
- For versions 9.11.x through 9.11.4, update to a version newer than 9.11.4 to resolve the issue.
- For versions 10.0.x through 10.0.2, update to a version newer than 10.0.2 to resolve the issue.
- For versions 10.1.x through 10.1.2, update to a version newer than 10.1.2 to resolve the issue.