I am working on an application. There is a new feature implemented where a user create some IDs and secret keys for that application.
I have observed that there is no rate limit for creating those.
I have sent the request to intruder and created nearly 11000 sets of IDs and secrets.
So whenever any user tries to access that page, it loads continuously and displays a message that page has become unresponsive and as a result it doesn’t let user to access anything in the page.
In my point of view, this is a vulnerability because lack of rate limiting is leading to inaccessibility of the page for all the users in the application.
However, I am confused if it is as considered as a DOS attack or valid rate limiting issue.
Please suggest with valid justification.