The absence of rate limiting on email-related actions (e.g., login attempts, password reset requests) allows a single client to send these requests without limit.
Impact:
Brute Force Attacks: Attackers can guess passwords through repeated login attempts.
Email Bombing: Flooding a user's inbox with excessive reset or notification emails.
Account Enumeration: Identifying valid email addresses by observing differences in server responses.
Service Overload: Straining the server and mail infrastructure with high request volumes.
Mitigation: Implement rate limiting (per client and per target account) and CAPTCHA to prevent abuse.
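The mitigation above, as an added illustration that is not part of the original report: a hypothetical password-reset endpoint (`PasswordResetService`, constructed here with a sample user list) that applies two independent sliding-window limits, one keyed on the client IP to blunt floods and one keyed on the target mailbox to blunt email bombing, and returns the same body whether the address is registered, unregistered, or throttled so that responses cannot be used for enumeration.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)  # key -> timestamps of recent events

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:  # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


GENERIC = "If that address is registered, a reset link has been sent."


class PasswordResetService:
    """Hypothetical reset endpoint (constructed example, not from the report).
    Per-IP limit blunts floods; per-account limit blunts email bombing and
    repeated requests against one mailbox."""

    def __init__(self, users, ip_limit=(10, 60), account_limit=(3, 3600)):
        self.users = {u.lower() for u in users}
        self.by_ip = SlidingWindowLimiter(*ip_limit)
        self.by_account = SlidingWindowLimiter(*account_limit)

    def request_reset(self, email, client_ip, now=None):
        """Return (http_status, body, should_send_email)."""
        now = time.monotonic() if now is None else now
        if not self.by_ip.allow(client_ip, now):
            # Keyed on the requester only, so this reveals nothing about accounts.
            return 429, "Too many requests", False
        email = email.strip().lower()
        if not self.by_account.allow(email, now):
            return 200, GENERIC, False  # throttled silently: same reply as success
        if email not in self.users:
            return 200, GENERIC, False  # unknown address: same reply, no email sent
        return 200, GENERIC, True       # registered: send the reset link out of band
```

The `now` parameter exists so the windows can be driven deterministically in tests; in production the monotonic clock is used.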