Hacker News new | ask | show | jobs
by master_ant 3032 days ago
Holy crap. $15k for brute-forcing an unthrottled endpoint with GET requests? gratz on that payout
1 comments
IshKebab 3031 days ago
I assume payouts are linked to the severity of the attack rather than elegance.

Also in this case the throttling is an absolute requirement rather than a "nice to have, users set good passwords right?" thing.

link