Lack of protection against brute force attacks - Credentials
Description
The application has no protection against automated attacks that attempt to guess valid promotional codes.
Impact
Increase the chances of getting valid credentials.
Recommendation
Implement a control that prevents this type of attack and ensures that the function is not executed by a robot, e.g. a CAPTCHA or delay-based blocking after a number of failed attempts, among others.
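One way to implement the delay-based blocking mentioned above, as an added example that is not part of the original finding. The class and function names, the thresholds, the in-memory state and the sample secret are all assumptions made for illustration, and the clock is passed in explicitly so the behaviour is deterministic.

```python
import hmac

class FailedAttemptThrottle:
    """Hypothetical helper: after `free_attempts` failures, each further
    failure doubles the wait before the next attempt is evaluated."""

    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=900.0, window=3600.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay    # cap so the delay cannot grow without bound
        self.window = window          # failures older than this are forgotten
        self._state = {}              # key -> (failure_count, last_failure_time)

    def retry_after(self, key, now):
        """Seconds the caller must still wait; 0.0 means the attempt may proceed."""
        count, last = self._state.get(key, (0, 0.0))
        if count and now - last > self.window:
            self._state.pop(key, None)
            return 0.0
        if count < self.free_attempts:
            return 0.0
        delay = min(self.base_delay * 2 ** (count - self.free_attempts), self.max_delay)
        return max(0.0, last + delay - now)

    def record_failure(self, key, now):
        count, _ = self._state.get(key, (0, 0.0))
        self._state[key] = (count + 1, now)

    def record_success(self, key):
        self._state.pop(key, None)


# Constructed sample store; a real application verifies a salted password hash.
SAMPLE_SECRETS = {"alice": "correct horse battery staple"}

def attempt(throttle, account, secret, now):
    """Return (status, retry_after_seconds). Throttled attempts are rejected
    before the secret is compared, so they tell the caller nothing about it."""
    wait = throttle.retry_after(account, now)
    if wait > 0:
        return "throttled", wait
    expected = SAMPLE_SECRETS.get(account, "")
    # Constant-time comparison; unknown accounts fail like wrong secrets.
    if expected and hmac.compare_digest(expected.encode(), secret.encode()):
        throttle.record_success(account)
        return "ok", 0.0
    throttle.record_failure(account, now)
    return "denied", 0.0
```

Keying the counter on the account slows guessing even when requests come from many sources, but it also lets anyone delay the legitimate user, so it is usually combined with a per-source counter or a CAPTCHA step.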
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 10 minutes.