Reddit: Misconfigurated login page able to lock login action for any account without user interaction

Summary While observing a few things about the login feature, I found that the account was locked after a certain number of requests. Although this feature is actually added to prevent problems such as rate limit, it is open to account lock attacks by attackers. PoC 1. Save this code as exploit.p...