Rate limit password forgot feature
During a security audit, an issue with Zitadel came up. The password forgot feature is not rate limited.
The argumentation of the auditor was that they can use it to email bomb a victim.
Is it possible to rate limit this feature or is there a back-off mechanism implemented?
