A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.