Bypassing rate limits via race conditions

Imagine we have this website.

now let’s try to login.

As shown we get banned if we made more than a login faliure

now let’s intercept the login request.

Now let’s get the passwords.

now let’s attack.

now let’s login.