
No Password Length Restriction leads to Denial of Service

Reddit
Reported by c_j_27

Vulnerability Details

Technical details and impact analysis

Uncontrolled Resource Consumption
Hey, when I try to set the password while creating an account, I noticed that you haven't kept any password limit. You need to decrease the password length.

There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for a Denial of Service attack. Normally all sites have a password minimum to maximum length, like a 72-character limit or a 48-character limit, to prevent Denial of Service attacks. But in your registration page there is no limitation. Let me know if you need any more details. This is typically not DoS, but a vulnerability which may lead to a DoS attack.

The password I tried is:

Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40Crissrock3%40

Impact

As the response is seen, the server might not be able to handle such lengthy passwords coming from different machines simultaneously. The attacker can perform a DDoS attack by using this vulnerability.
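The mechanism the reporter describes, and the fix they ask for, as an added example that is not part of the original report and not Reddit's code: a hypothetical registration path that enforces a password length cap in bytes before any hashing happens, next to a constructed, deliberately naive key-derivation loop whose cost grows with password length. The 128-byte ceiling, the iteration counts, and the sample passwords (built from the report's repeated `Crissrock3%40` token) are assumptions for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Policy constants. The 128-byte ceiling is an assumed value for this example,
# not something the report or the target site specifies.
MIN_PASSWORD_BYTES = 8
MAX_PASSWORD_BYTES = 128
PBKDF2_ITERATIONS = 100_000  # work the server is willing to do per registration


class PasswordPolicyError(ValueError):
    """Raised when a candidate password violates the length policy."""


def validate_password(password: str) -> bytes:
    """Enforce the length policy in UTF-8 bytes, before any hashing happens.

    Bytes rather than characters, because bytes are what the hash function
    consumes: 100 two-byte characters are twice the input of 100 ASCII ones.
    """
    raw = password.encode("utf-8")
    if len(raw) < MIN_PASSWORD_BYTES:
        raise PasswordPolicyError("password too short")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordPolicyError(
            f"password is {len(raw)} bytes, maximum is {MAX_PASSWORD_BYTES}"
        )
    return raw


def hash_password(raw: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; the cost is fixed by the iteration count."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Registration path: the cheap length check runs before the expensive hash."""
    return hash_password(validate_password(password), salt)


def naive_kdf(raw: bytes, salt: bytes, iterations: int) -> bytes:
    """Constructed, deliberately naive KDF that re-keys HMAC on every round.

    HMAC pre-hashes any key longer than its block size (64 bytes for SHA-256),
    so every round costs roughly len(raw) bytes of hashing and total work
    scales with password length. This is the failure mode the report
    describes, not the behaviour of a real password-hashing library.
    """
    out = salt
    for _ in range(iterations):
        out = hmac.new(raw, out, hashlib.sha256).digest()
    return out


def kdf_seconds(raw: bytes, iterations: int = 500) -> float:
    """Wall-clock cost of naive_kdf for one password; for illustration only."""
    start = time.perf_counter()
    naive_kdf(raw, b"fixed-salt-for-demo", iterations)
    return time.perf_counter() - start


# Constructed inputs: a normal password, the report's pattern at roughly the
# length the reporter sent, and the same pattern scaled to about 1 MiB.
NORMAL_PASSWORD = "correct horse battery staple"
LONG_PASSWORD = "Crissrock3%40" * 80
HUGE_PASSWORD = "Crissrock3%40" * 80_000


def policy_outcome(password: str) -> str:
    """Return 'accepted' or the policy error message for a candidate password."""
    try:
        validate_password(password)
        return "accepted"
    except PasswordPolicyError as exc:
        return str(exc)


if __name__ == "__main__":
    for label, pw in [("normal", NORMAL_PASSWORD),
                      ("report", LONG_PASSWORD),
                      ("huge", HUGE_PASSWORD)]:
        print(f"{label:7s} {len(pw.encode()):>8d} bytes -> {policy_outcome(pw)}")
    # Without the cap, the naive KDF's cost grows with the size of the input.
    print(f"naive_kdf, {len(NORMAL_PASSWORD)}-byte password: "
          f"{kdf_seconds(NORMAL_PASSWORD.encode()):.4f}s")
    print(f"naive_kdf, ~1 MiB password:   "
          f"{kdf_seconds(HUGE_PASSWORD.encode()):.4f}s")
```

Two details worth keeping in mind when adopting a cap like this: measure it in bytes after encoding, since a character limit applied to the string still lets multi-byte input past the intended ceiling; and note that the 72 the reporter mentions is bcrypt's input limit, which bcrypt enforces by silently truncating, so an explicit reject-before-hash check is still the right place to stop oversized input.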

Report Details

Additional information and metadata

State

Closed

Substate

Duplicate

Submitted

Weakness

Uncontrolled Resource Consumption