Closed zhamadagithub closed 2 months ago
@zhamadagithub, thank you for opening this issue. We will triage it within the next few business days.
Hello @zhamadagithub, thank you for bringing this issue to our attention. We have created an internal work item to investigate and address this.
Our security team is asking for an ETA on when this vulnerability will be resolved. Thank you!
Every bug report should have a precise description and reproduction steps; console traces or source code references are appreciated.
For assistance requests, contact Azure support or submit a post on Stack Overflow. We don't provide support through GitHub Issues. Feature requests can be raised on the Azure Feedback Forum.
Bug description
A bypass of the rate limiting feature was found at the password reset page. Bypasses of rate limiting mechanisms such as CAPTCHA can allow an attacker to automate attacks at the specific endpoint and consume unnecessary resources on the server, potentially causing service disruption and denial-of-service. This also circumvents a multitude of other factors including security, data accuracy, spam, and protection against bots.
Reproduction steps
Expected behavior
A clear and concise description of what you expected to happen.
Is your portal managed or self-hosted?
Azure Managed
Environment
Out of the box Azure APIM
Additional context
Recommended fix:
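The report above does not say how the limit was bypassed, and its reproduction steps are not preserved on this page. As an added illustration (not the reporter's recommended fix and not code from the Azure API Management developer portal), the following Python shows one common way a password-reset rate limit fails, a counter keyed on a client-controlled header such as X-Forwarded-For, beside a hardened limiter that keys on the socket peer address and, separately, on the normalised target account. The class names, thresholds, the 15-minute window and the simulated bursts are all assumptions made for this example.

```python
"""
Illustrative password-reset rate limiting (added example, not portal code).
Contrasts a counter keyed on a spoofable header with one keyed on the peer
address plus the normalised account. All values below are assumed.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 900  # 15-minute window (assumed policy value)


class SlidingWindowCounter:
    """Per-key sliding-window counter: at most `limit` hits per `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)

    def hit(self, key, now):
        """Record a hit for `key` at time `now`; return True if it fits the limit."""
        q = self._hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop hits that have aged out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def normalise_email(email):
    """Fold case and whitespace so variants of one address share a single counter."""
    return email.strip().lower()


class WeakResetLimiter:
    """Keys the counter on X-Forwarded-For, which the client controls: a fresh
    header value per request yields a fresh counter, so the limit never triggers."""

    def __init__(self, per_client=5):
        self.per_client = SlidingWindowCounter(per_client, WINDOW_SECONDS)

    def allow(self, request, now):
        key = request["headers"].get("X-Forwarded-For", request["remote_addr"])
        return self.per_client.hit(key, now)


class HardenedResetLimiter:
    """Keys on the socket peer address (not a header) and, separately, on the
    normalised target account, so rotating source IPs still cannot flood one user."""

    def __init__(self, per_ip=5, per_account=3):
        self.per_ip = SlidingWindowCounter(per_ip, WINDOW_SECONDS)
        self.per_account = SlidingWindowCounter(per_account, WINDOW_SECONDS)

    def allow(self, request, now):
        account = normalise_email(request["email"])
        # Both budgets are charged; the request is denied if either is exhausted.
        ip_ok = self.per_ip.hit(request["remote_addr"], now)
        acct_ok = self.per_account.hit(account, now)
        return ip_ok and acct_ok


def spoofed_header_burst(n):
    """Constructed attack traffic: one source address, a new X-Forwarded-For each time,
    with the victim address written in varying case/whitespace."""
    return [
        {"remote_addr": "203.0.113.7",
         "headers": {"X-Forwarded-For": f"10.0.0.{i}"},
         "email": "Victim@Example.com" if i % 2 else "victim@example.com "}
        for i in range(n)
    ]


def rotating_ip_burst(n):
    """Constructed attack traffic: a different real source address per request."""
    return [
        {"remote_addr": f"198.51.100.{i}", "headers": {}, "email": "victim@example.com"}
        for i in range(n)
    ]


def count_allowed(limiter, requests, spacing=1.0):
    """Replay `requests` `spacing` seconds apart; return how many got through."""
    now = 1_700_000_000.0
    allowed = 0
    for req in requests:
        if limiter.allow(req, now):
            allowed += 1
        now += spacing
    return allowed


if __name__ == "__main__":
    print("weak, spoofed XFF:     ", count_allowed(WeakResetLimiter(), spoofed_header_burst(20)))
    print("hardened, spoofed XFF: ", count_allowed(HardenedResetLimiter(), spoofed_header_burst(20)))
    print("weak, rotating IPs:    ", count_allowed(WeakResetLimiter(), rotating_ip_burst(20)))
    print("hardened, rotating IPs:", count_allowed(HardenedResetLimiter(), rotating_ip_burst(20)))
```

Run stand-alone it replays two constructed bursts of 20 reset requests: the weak limiter admits all 20 in both cases, the hardened one admits 3, the per-account budget. In a real deployment the trusted source address must come from the front door or load balancer, never from a header the client can write, and the per-account counter should deny without revealing whether the address exists.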