Description
The application has a flaw in the initiate_signin API. Currently, rate limiting is only enforced per email address or email domain, not per IP. This allows a malicious user to repeatedly change the email address and call the API, resulting in unlimited emails being sent. This loophole can be exploited for spamming and may lead to significant email credit loss.
```bash
generate_random_string() {
    length=$1
    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
}
read -p "How many times do you want to run the request? " num_runs
if ! [[ "$num_runs" =~ ^[0-9]+$ ]] || [ "$num_runs" -eq 0 ]; then
    echo "Error: Please enter a valid positive number."
    exit 1
fi
for (( i=1; i<=num_runs; i++ )); do
    dynamic_username=$(generate_random_string 10)
    dynamic_domain=$(generate_random_string 6)
    dynamic_email="${dynamic_username}@${dynamic_domain}.com"
```
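The mitigation the report asks for, shown as an added Python example (not the project's code): a sign-in limiter keyed only on the email address, beside one that also counts requests per client IP, so that rotating through fresh addresses no longer yields unlimited mail. The limits, the handler name and the 203.0.113.5 address are illustrative assumptions.

```python
# Added example (not the project's code): a sign-in limiter keyed only on
# the email address versus one that also counts per client IP.
# Limits, names and the IP address are illustrative assumptions.
import time
from collections import defaultdict, deque

EMAIL_LIMIT = 3       # requests per address per window (assumed)
IP_LIMIT = 10         # requests per client IP per window (assumed)
WINDOW_SECONDS = 600


class SlidingWindowLimiter:
    """Per-key sliding window; allow() records the event when it succeeds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self._events = defaultdict(deque)

    def allow(self, key, now):
        q = self._events[key]
        while q and now - q[0] >= self.window:   # drop expired entries
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def make_initiate_signin(limit_by_ip):
    """limit_by_ip=False mirrors the reported per-email-only behaviour."""
    by_email = SlidingWindowLimiter(EMAIL_LIMIT, WINDOW_SECONDS)
    by_ip = SlidingWindowLimiter(IP_LIMIT, WINDOW_SECONDS)

    def initiate_signin(email, client_ip, now=None):
        now = time.monotonic() if now is None else now
        # IP bucket first: a client rotating addresses is stopped here
        # regardless of how many fresh addresses it can invent.
        if limit_by_ip and not by_ip.allow(client_ip, now):
            return "rate_limited_ip"
        if not by_email.allow(email.lower(), now):
            return "rate_limited_email"
        return "email_sent"

    return initiate_signin


def count_emails_sent(limit_by_ip, attempts):
    """Simulates one IP cycling through `attempts` distinct addresses."""
    handler = make_initiate_signin(limit_by_ip)
    return sum(handler(f"user{i}@example.test", "203.0.113.5", now=float(i)) == "email_sent"
               for i in range(attempts))
```

With `limit_by_ip=False` every one of the rotated addresses gets a mail, which is the behaviour described in the report; with the IP bucket enabled the same client is capped at `IP_LIMIT` per window no matter how many addresses it tries.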