Is it considered as a DOS attack if I add too much data to a page so that it doesn’t respond at all?


I am working on an application. There is a new feature implemented where a user create some IDs and secret keys for that application.

I have observed that there is no rate limit for creating those.

I have sent the request to intruder and created nearly 11000 sets of IDs and secrets.

So whenever any user tries to access that page, it loads continuously and displays a message that page has become unresponsive and as a result it doesn’t let user to access anything in the page.

In my point of view, this is a vulnerability because lack of rate limiting is leading to inaccessibility of the page for all the users in the application.

However, I am confused if it is as considered as a DOS attack or valid rate limiting issue.

Please suggest with valid justification.