Because this works, here's a reminder: if it's a cloudy-distributed-load-balancy-microservicy-fancy-rate-limiting-thing, it's often not concurrency-safe because there is no single-point-of-truth accessed in a concurrency-safe way and you can exploit it from the network https://www.pentagrid.ch/en/blog/password-reset-code-brute-force-vulnerability-in-AWS-Cognito/ #infosec #pentesting
