ipa: No password length restriction leads to denial of service
A flaw was found in IPA. When sending a very long password = 1,000,000 characters to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability...