No rate limit on the login portal of pypicloud.
Here is the POC video. https://drive.google.com/file/d/1XjUDfHgVtTQfuvxzI4SFEsF5utQe5ZFz/view?usp=drivesdk
403 when the password is incorrect 200 when the password is correct
By this vulnerability, an attacker is capable of brute-force user accounts and gain access which could lead to account loss and could also do further damage.