A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.
hackerone.com page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
I personally tried many times with the wrong password, yet no account lockout was detected.
Fix: Implement CAPTCHA
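One way to implement the account lockout recommended above, as an added example that is not part of the original report and is not HackerOne's code. The class name, the thresholds (5 failures within 5 minutes, 15-minute lock) and the in-memory storage are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Hypothetical helper: lock an account after too many failed logins
    inside a sliding time window (all defaults are assumed values)."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures   # failures allowed inside the window
        self.window = window               # sliding window length, seconds
        self.lockout = lockout             # lock duration, seconds
        self.clock = clock                 # injectable so the logic is testable
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:          # lock expired: clear it
            del self._locked_until[account]
            return False
        return True

    def record_failure(self, account):
        now = self.clock()
        recent = self._failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()               # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        account = account.strip().lower()  # one counter per account, not per spelling
        if self.is_locked(account):
            return "locked"                # checked first: a correct guess must not pass
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        self.record_failure(account)
        return "denied"
```

The lock is checked before the password result is considered, so a correct guess made during the lockout period is still rejected.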