Bug Hunting Methodology - Rate Limiting
Rate limiting bugs can have meaningful impact in some scenarios:
- If a password reset uses a guessable value (for example a short numeric code), an attacker could brute force it and reset the victim's password.
- Attackers could abuse the server to spam particular users by sending a huge number of requests (email bombing), which could damage the company's reputation.
- A user's account could be brute forced online, trying many passwords against the login endpoint.
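As an added defensive illustration (not code from the original page), the following sliding-window limiter protects a password-reset code check against the brute-force scenario above. The account name, reset code, IP addresses and the limits of 5 attempts per account and 20 per IP in a 15-minute window are constructed assumptions.

```python
import hmac
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.events = defaultdict(deque)  # key -> timestamps of recent events

    def allow(self, key, now=None):
        now = time.time() if now is None else now
        q = self.events[key]
        while q and q[0] <= now - self.window:  # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class PasswordResetVerifier:
    """Checks reset codes; every attempt, right or wrong, consumes budget."""

    def __init__(self, codes, per_account=(5, 900), per_ip=(20, 900)):
        self.codes = codes  # constructed store: account -> pending reset code
        self.by_account = SlidingWindowLimiter(*per_account)
        self.by_ip = SlidingWindowLimiter(*per_ip)

    def verify(self, account, code, ip, now=None):
        # Limit before comparing, so an attacker cannot learn anything once throttled
        if not self.by_ip.allow(ip, now) or not self.by_account.allow(account, now):
            return "rate_limited"
        expected = self.codes.get(account)
        if expected is not None and hmac.compare_digest(expected, code):
            self.codes.pop(account)  # single use
            return "ok"
        return "invalid"


def brute_force_demo():
    """Six guesses from one IP, then the real code inside and after the window."""
    v = PasswordResetVerifier({"alice": "483920"})
    results = [v.verify("alice", f"{i:06d}", "203.0.113.7", now=float(i)) for i in range(6)]
    results.append(v.verify("alice", "483920", "203.0.113.7", now=6.0))      # still throttled
    results.append(v.verify("alice", "483920", "198.51.100.4", now=1000.0))  # window elapsed
    return results
```

The per-account limit is what stops the guessing: the attacker cannot avoid it by rotating source IPs, and even the correct code is refused until the window has passed.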