No Rate Limiting at Change Password
Medium
Vulnerability Details
Hello Team,
I found out that you didn't implement rate limiting on Change Password.
**Scenario**
This scenario is limited, but some of the programs here consider this. The victim forgot to log out of his/her account in a cafe/internet computer shop. The attacker, having knowledge of this vulnerability, saw that the account was not logged out. The attacker doesn't have any idea about the victim's password, and this allows him to brute-force the victim's password via Change Password.
**Proof Of Concept**
{F179198}
Report Stats
- Report ID: 223694
- State: Closed
- Substate: resolved
- Upvotes: 6
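
A mitigation for the issue reported above, as an added example that is not part of the original report or the affected program's code: failed current-password checks in the change-password handler are counted per account, so a hijacked session cannot be used as an unlimited password oracle. The class name, thresholds and in-memory stores are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5       # assumed policy: failed checks allowed per window
WINDOW_SECONDS = 900   # assumed policy: 15-minute sliding window


class ChangePasswordGuard:
    """Throttles current-password checks per account, not per session or IP."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}  # account id -> timestamps of recent failures
        self._creds = {}     # account id -> (salt, key); stand-in for a user store

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, account, password):
        salt = os.urandom(16)
        self._creds[account] = (salt, self._derive(password, salt))

    def _recent_failures(self, account):
        # Drop failures that have aged out of the sliding window.
        cutoff = self._clock() - WINDOW_SECONDS
        recent = [t for t in self._failures.get(account, []) if t > cutoff]
        self._failures[account] = recent
        return recent

    def change_password(self, account, current, new):
        """Return 'changed', 'wrong_password' or 'throttled'."""
        recent = self._recent_failures(account)
        if len(recent) >= MAX_FAILURES:
            # Refuse before touching the hash: no oracle, even for a right guess.
            return "throttled"
        salt, stored = self._creds[account]
        if not hmac.compare_digest(self._derive(current, salt), stored):
            recent.append(self._clock())
            return "wrong_password"
        self.set_password(account, new)
        self._failures.pop(account, None)  # a successful change clears the counter
        return "changed"
```

Keying the counter on the account rather than the session or source IP matters here, because in the reported scenario the attacker already holds a valid session for the victim.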