An issue exists in Joomla! 4.2.0 up to and including 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
joomla joomla\\!