Brute force attacks and DoS prevention
1. Vulnerability: The registration and login endpoints do not implement rate limiting at the controller level. This lets an attacker make an unbounded number of attempts and brute-force credentials.
2. Exploit
Brute force dictionary attack with the RockYou password list
3. Fix
We added controller-level rate limiting inside the login and register methods in AuthController, which checks whether incoming requests exceed the rate limit: 18c476b8
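As an added illustration (not the project's code from commit 18c476b8), the following shows controller-level rate limiting on login and register handlers using a sliding window keyed by client IP and by username; the AuthController stand-in, the user store and the thresholds are assumptions.

```python
import hmac
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allows at most max_attempts per key inside a trailing time window."""

    def __init__(self, max_attempts, window_seconds, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock  # injectable for deterministic tests
        self._hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        hits = self._hits[key]
        while hits and now - hits[0] >= self.window:  # expire old attempts
            hits.popleft()
        if len(hits) >= self.max_attempts:
            return False
        hits.append(now)
        return True


class AuthController:
    """Hypothetical stand-in for the project's AuthController (constructed)."""

    def __init__(self, clock=time.monotonic):
        self.users = {"alice": "correct horse battery staple"}  # constructed store
        # Key by client IP and by username so that one source spraying many
        # accounts and many sources hammering one account are both throttled.
        self.login_ip = SlidingWindowLimiter(10, 60, clock)      # assumed limit
        self.login_user = SlidingWindowLimiter(5, 300, clock)    # assumed limit
        self.register_ip = SlidingWindowLimiter(3, 3600, clock)  # assumed limit

    def login(self, client_ip, username, password):
        # Count every attempt, successful or not, before touching credentials.
        if not self.login_ip.allow(client_ip) or not self.login_user.allow(username.lower()):
            return 429, "too many attempts, retry later"
        stored = self.users.get(username, "")
        if stored and hmac.compare_digest(stored.encode(), password.encode()):
            return 200, "ok"
        return 401, "invalid credentials"  # same message for unknown user and bad password

    def register(self, client_ip, username, password):
        if not self.register_ip.allow(client_ip):
            return 429, "too many registrations, retry later"
        if username in self.users:
            return 409, "username taken"
        self.users[username] = password  # constructed; a real app stores a password hash
        return 201, "created"
```

The limiter returns 429 before any credential comparison, so the per-account window caps dictionary attempts against one user while the per-IP window caps spraying across many users from one source.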
Edited by Lukáš Radovanský