[keycloak-user] Password Reset Email - Security Risk

[Vinay]

Hi,

When using password reset function an email is sent to the user in order to
change the password. There is no limitation in number of password change
requests a user can do and a malicious user could generate a number of
requests and hence as many email to the victim's email inbox. This is a
potential security risk.

Is there a way to stop this ?

-Vinay