VC-D-1 — OID4VCI token endpoint flooded
Component: vc Platform. Mitigations: Token endpoint rate-limited (20/min per IP) in verifier; apigw limits not documented. Action: Implement per-IP rate limiting on all apigw public endpoints
| Property | Value |
|---|---|
| Section | Denial of Service |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-HARD-02 | Input Validation and Injection Prevention |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md