There is a logic vulnerability in the verification code of the login interface

Is there an existing issue for this?

• I have searched the existing issues
  To pick up a draggable item, press the space bar. While dragging, use the arrow keys to move the item. Press space again to drop the item in its new position, or press escape to cancel.

Can the issue be reproduced with the default theme (daylight/midnight)?

• I was able to reproduce the issue with the default theme
  To pick up a draggable item, press the space bar. While dragging, use the arrow keys to move the item. Press space again to drop the item in its new position, or press escape to cancel.

Could the issue be due to extensions?

• I've ruled out the possibility that the extension is causing the problem.
  To pick up a draggable item, press the space bar. While dragging, use the arrow keys to move the item. Press space again to drop the item in its new position, or press escape to cancel.

Describe the problem

After the front-end enters the correct verification code, the packet is captured and held, and then the current verification code can be used for unlimited replay attacks (the password can be cracked)

Step 1. Capture the packet

Step 2. Use the same verification code to blast password

Step 3. Find the correct password no need verifying the verification code

Expected result

The current verification code lifecycle ends after each login attempt

Screenshot or screen recording presentation

No response

Version environment

- Version: All Versions
- Operating System: All Systems
- Browser (if used): All Browsers

Log file

No need.

More information

No response