Hello ReddApi Security Team,
Login page can be brute forced due to lack of captcha or backoff
An attacker can bruteforce for a particular username and can get a possibly a account takeover.
I have made a proof of concept video of the same:- https://www.youtube.com/watch?v=zX0jXkMqiCo The above video is unlisted.
With Regard's Aditya Agrawal