In this post, we discuss a weakness we discovered in the AWS Console authentication flow that allowed an attacker to partially bypass the login rate limit.