Hello team, while I was testing on https://namelessmc.com/login/ I noticed that there is no rate-limit protection on the POST login form, so an attacker can take over the account by brute forcing the password field.
Steps to reproduce:
1- Go to https://namelessmc.com/login/
2- Enter username and any password
3- Capture the request with Burp Suite and start brute forcing with our wordlist
POC Screenshot:
Patch recommendation:
Add rate-limit protection on POST login endpoints/parameters
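
One way to implement the recommended rate limiting, shown as an added example that is not part of the original report and is not NamelessMC's code: a sliding-window throttle on failed logins, counted per account (so rotating source IPs does not help) and per client IP (so one source cannot spray many usernames). The names `LoginThrottle` and `handle_login`, the thresholds, and the in-memory store are assumptions for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed per account and per client IP."""
    def __init__(self, max_per_account=5, max_per_ip=20, window=900, clock=time.monotonic):
        # Thresholds are assumed values; tune them to the site's real traffic.
        self.limits = {"acct": max_per_account, "ip": max_per_ip}
        self.window, self.clock = window, clock
        self.failures = defaultdict(deque)  # (kind, value) -> failure timestamps

    def _keys(self, username, ip):
        # Normalise the username so "Admin" and "admin " share one counter.
        return [("acct", username.strip().lower()), ("ip", ip)]

    def retry_after(self, username, ip):
        """Seconds to wait before another attempt is accepted; 0 if allowed now."""
        now, wait = self.clock(), 0
        for key in self._keys(username, ip):
            q = self.failures[key]
            while q and now - q[0] >= self.window:  # drop failures outside the window
                q.popleft()
            limit = self.limits[key[0]]
            if len(q) >= limit:
                # Allowed again once the limit-th most recent failure expires.
                wait = max(wait, q[-limit] + self.window - now)
        return wait

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            self.failures[key].append(now)

    def record_success(self, username):
        # Clear only the account counter; the IP counter keeps guarding against spraying.
        self.failures.pop(("acct", username.strip().lower()), None)

def handle_login(throttle, username, password, ip, check_password):
    """Return an (HTTP status, message) pair for one POST to the login form."""
    if throttle.retry_after(username, ip) > 0:
        # Refuse before touching the password check, so blocked guesses learn nothing.
        return 429, "Too many attempts, try again later"
    if check_password(username, password):
        throttle.record_success(username)
        return 200, "OK"
    throttle.record_failure(username, ip)
    return 401, "Invalid username or password"
```

A per-account limit also lets anyone who knows a username lock that account for the window, so deployments often pair it with a CAPTCHA or an e-mailed unlock link instead of a hard block. A multi-process server needs a shared store for the counters in place of this in-memory dictionary.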