No rate limiting in login form leads to bruteforce attack
1.Go to http://localhost:<port>/login
2.Login with wrong credentials
3.Capture POST request with Burp Suite and Send to Intruder
4.Create 100 null payloads and start attack
5.Noticed that all request return 200 status code