@cR0w Also, it's on the Change Password interface that implies post-auth, yet PR:N...

@cR0w I kinda get what they were going for it. "No rate limiting" basically means "no brute-force protection". In the absence of proper monitoring, that is a major issue.

@cR0w Yikes. My wife works at Cyberark, I'ma give her some shit about it 🫠