/check_password might be used to brute-force hack user passwords
/check_password
route is not rate-limited, so attackers might call it with any frequency for the same user.
See Pleroma.Plugs.RateLimiter
plug.
/check_password
route is not rate-limited, so attackers might call it with any frequency for the same user.
See Pleroma.Plugs.RateLimiter
plug.