This Challenge has been featured in the FIRSTCON23 CTF, as such it has been made available for free for 1 week: 8th June - 15th June
Try it now 
Energy.js
One of the largest electricity providers in Australia was subjected to a password guessing attack. The attack resulted in unauthorised access to more than 300 customers.
The Energy.js challenge is inspired from this incident. Password guessing attack against authentication system is common. There are a few places where the system leaks user information.
Find these holes and effectively fix them.