The technique allows threat actors to test large numbers of usernames and passwords without creating or registering an OAuth ...