This repository has been archived by the owner on Jun 2, 2023. It is now read-only.

Spamming webhost and causing DOS. #629

Closed
BubbaGumper opened this issue Apr 8, 2021 · 3 comments
Labels
wontfix Problem, or not; this won't be fixed here at least.

Comments

@BubbaGumper

BubbaGumper commented Apr 8, 2021

PassCore Server

  • OS: Windows 2019
  • Provider: Active Directory or LDAP

Describe the bug
When submitting a password change, there is a huge delay in the responsiveness of the system. Hosting server has 4x CPU and 16 GB of RAM. IIS, .NET CPU usage maxes at 15%. When running a browser capture, there are thousands of POST events to https://[host]/api/password. These are called from 879505b3.js line 702. Every call submits the user details. Server begins to return 400s with numerous errors flashing across the user interface. Further, Wireshark captures of LDAP traffic are in the hundreds of thousands.

To Reproduce
Steps to reproduce the behavior:

  1. Fill out webform
  2. Press F12
  3. Click CHANGE PASSWORD
  4. Watch the errors flood in (30,000+)

Expected behavior
Form should submit one request and await status.

Screenshots

image

Desktop

  • OS: Windows 10 / Windows 2019
  • Browser: Edge, Chrome
  • Version: Latest

@mihaimacarie98

I have the same issue with the latest version. I downgraded it and the number of requests is reduced.

@simonai1254

Also have a look at #605, I think it's the same thing

@stale

stale bot commented Jul 21, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix Problem, or not; this won't be fixed here at least. label Jul 21, 2021
@stale stale bot closed this as completed Apr 16, 2022
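
The expected behaviour stated in the report (one request per submit, then wait for the status) can be enforced in the browser with a single-flight guard around the submit call. This is an added example, not code from PassCore or from any commenter in this thread; `singleFlight`, `postPassword`, `simulateFlood` and the payload shape are hypothetical names.

```javascript
// Added example: single-flight guard for a password-change submit handler.
// All names here are hypothetical; this is not PassCore's client code.

// Wrap an async function so that calls sharing a key reuse the promise that is
// already in flight instead of issuing another request.
function singleFlight(fn, keyOf) {
  const inFlight = new Map();
  return function guarded(...args) {
    const key = keyOf(...args);
    if (inFlight.has(key)) return inFlight.get(key); // duplicate: no new request
    let p;
    try {
      p = Promise.resolve(fn(...args)); // fn runs exactly once per flight
    } catch (err) {
      p = Promise.reject(err);          // synchronous throw becomes a rejection
    }
    inFlight.set(key, p);
    const release = () => inFlight.delete(key);
    p.then(release, release);           // free the slot on success or failure
    return p;
  };
}

// Constructed scenario: a handler that fires many times per click, as in the
// report. Returns how many requests would actually leave the browser.
function simulateFlood(usernames, callsPerUser) {
  let networkCalls = 0;
  // Stand-in for the POST to /api/password; stays pending like a slow server.
  const postPassword = (payload) => {
    networkCalls += 1;
    return new Promise(() => {});
  };
  const submit = singleFlight(postPassword, (payload) => payload.username);
  for (const username of usernames) {
    for (let i = 0; i < callsPerUser; i++) submit({ username });
  }
  return networkCalls;
}

console.log(simulateFlood(["alice"], 30000), "request(s) sent for 30000 submit calls");
```

A client-side guard only limits a well-behaved browser; the endpoint still needs its own request throttling.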