Bug reports

#1 [Bug] No Rate Limit on Resend Confirmation Email!
Hello Team, Hope you are good!

Summary: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Description: Code frequently has to work with limited resources, so programmers must be careful to ensure that resources are not consumed too quickly, or too easily. Without the use of quotas, resource limits, or other protection mechanisms, it can be easy for an attacker to consume many resources by rapidly making many requests, or by causing larger resources to be used than is needed. When too many resources are allocated, or if a single resource is too large, it can prevent the code from working correctly, possibly leading to a denial of service.

Vulnerable URL: https://solutions.mycointainer.com/password/reset/business -> https://mcb-auth.v2.mycointainer.com/business/auth/users/password/forgot

Steps To Reproduce:
1. Go to "https://solutions.mycointainer.com/password/reset/business".
2. Enter your email and click on "FORGOT PASSWORD".
3. Send the request to Intruder and select any area for the attack.
4. Hit attack. Boom.

Mitigation:
- Monitoring API activity against your rate limit.
- Catching errors that are caused by rate-limiting.
- Reducing the number of requests.
- Taking extra precautions with login, OTP, vouchers, etc.

Reference: https://cwe.mitre.org/data/definitions/770.html

Note: I attached the screenshots.

Regards
Unique Kamboj
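The report above describes the missing control but not what the fix looks like in code. The following is an added example, not code from the report or from the MyCointainer service: a sliding-window limiter applied to a stand-in for the forgot-password handler, keyed both by source IP and by target address, so that a single Intruder run cannot flood one mailbox and one client cannot spray many addresses. The endpoint name, the limits, the constructed victim address and IP, and the in-memory store are all assumptions chosen for illustration.

```python
"""Sliding-window rate limiting for a password-reset endpoint.

Added example, not code from the report or from the service it describes.
The endpoint name, the limits and the in-memory store are assumptions;
a real deployment would keep the counters in a shared store (e.g. Redis)
so that every API node enforces the same totals.
"""
import time
from collections import defaultdict, deque

# Assumed policy. Both buckets must have room for a request to pass.
PER_IP_LIMIT = 10       # forgot-password requests per source IP per window
PER_EMAIL_LIMIT = 3     # forgot-password requests per target address per window
WINDOW_SECONDS = 3600   # one hour


class SlidingWindowLimiter:
    """Keeps the timestamps of recent hits per key; a hit is allowed while fewer
    than `limit` hits fall inside the trailing window."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self._hits = defaultdict(deque)

    def allow(self, key, now):
        q = self._hits[key]
        while q and q[0] <= now - self.window:   # expire hits older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class ResetEndpoint:
    """Stand-in for the forgot-password handler (assumed name, not the real service)."""

    def __init__(self, rate_limited):
        self.rate_limited = rate_limited
        self.mails_sent = []     # constructed stand-in for the mailer
        self._by_ip = SlidingWindowLimiter(PER_IP_LIMIT, WINDOW_SECONDS)
        self._by_email = SlidingWindowLimiter(PER_EMAIL_LIMIT, WINDOW_SECONDS)

    def handle(self, email, client_ip, now=None):
        now = time.time() if now is None else now
        email = email.strip().lower()     # one bucket per mailbox, not per spelling
        if self.rate_limited:
            # IP bucket first, then the per-address bucket. Both failures return
            # the same 429, and success is the same 200 whether or not the address
            # is registered, so the limiter does not become an enumeration oracle.
            if not self._by_ip.allow(client_ip, now):
                return 429
            if not self._by_email.allow(email, now):
                return 429
        self.mails_sent.append(email)
        return 200


def replay_burst(rate_limited, count=50, start=1_000_000.0):
    """Fire `count` requests for one victim address from one IP within one second,
    mirroring an Intruder run. Returns (mails sent, requests rejected with 429)."""
    endpoint = ResetEndpoint(rate_limited)
    statuses = [endpoint.handle("victim@example.com", "203.0.113.7", start + i * 0.02)
                for i in range(count)]
    return len(endpoint.mails_sent), statuses.count(429)


def allowed_after_window(start=1_000_000.0):
    """Exhaust the per-address bucket, then show it refills once the window passes.
    Returns (status while exhausted, status after the window)."""
    endpoint = ResetEndpoint(rate_limited=True)
    for i in range(PER_EMAIL_LIMIT):
        endpoint.handle("victim@example.com", "203.0.113.7", start + i)
    blocked = endpoint.handle("victim@example.com", "203.0.113.7", start + PER_EMAIL_LIMIT)
    reopened = endpoint.handle("victim@example.com", "203.0.113.7", start + WINDOW_SECONDS + 10)
    return blocked, reopened


if __name__ == "__main__":
    print("unlimited:   ", replay_burst(False))     # (50, 0): every request sends a mail
    print("limited:     ", replay_burst(True))      # (3, 47): three mails, rest rejected
    print("after window:", allowed_after_window())  # (429, 200)
```

Two design points worth noting: the address is normalised before it is used as a key, otherwise an attacker bypasses the per-address bucket with case or whitespace variants; and the IP check runs before the address check so that spraying many different addresses from one client is also capped, not only repeated requests for one victim. Proxied deployments should key on the client address taken from a trusted upstream header rather than the socket peer, or every request will share one bucket.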