This vulnerability is a really easy one to defend.. As dev you can block the account after a number of failed login attemps or just add an exponential delay, like 3 tries, 1 minute delay, 4 tries, 10 minutes delay, 5 tries 100 minutes delay and so on..
You are viewing a single comment's thread from: