Potential DoS due to PasswordPoliciesNotMet in errors.go

Disclosed: 2026-03-27 07:16:28 By sinic To passhash
Low
Vulnerability Details
## Summary:

Possible DoS depending on the number of `PasswordPolicyError` instances that can be created in a short time.

```go
type PasswordPoliciesNotMet struct {
	UnMetPasswordPolicies []PasswordPolicyError
}

func (e PasswordPoliciesNotMet) Error() string {
	errorStrs := make([]string, 0, len(e.UnMetPasswordPolicies))
	for _, ppe := range e.UnMetPasswordPolicies {
		errorStrs = append(errorStrs, ppe.Error())
	}
	return fmt.Sprintf("Password policies not met due to: %s", strings.Join(errorStrs, ", "))
}
```

## Bug:

The possible vulnerability is in the `PasswordPoliciesNotMet` struct. This struct collects all errors when password policies fail, but it does not limit the number of errors it can collect. If multiple instances of policies fail together, the struct will have a huge number of errors. This can make the system use a lot of memory or even crash due to the flood of errors.

## Fix:

To fix this, we need to make sure the `PasswordPoliciesNotMet` struct doesn't collect an unlimited number of errors. Set a limit on how many errors it can store, or find some other way to handle a large number of errors in a better way.

## Impact

Can lead to a lot of memory consumption or a denial of service (DoS) attack if many policies fail together.
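The cap the report proposes under "Fix", sketched in Go as an added example (not passhash's code): `PasswordPoliciesNotMet` retains at most a fixed number of failures and only counts the rest, so its memory footprint no longer scales with the number of failing policies. `PasswordPolicyError`'s shape, the cap value, and the `policy` type and `CheckPassword` driver are assumptions for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// PasswordPolicyError is assumed to be a plain error type; passhash's real type is not in the report.
type PasswordPolicyError struct{ Policy string }
func (e PasswordPolicyError) Error() string { return e.Policy + " not satisfied" }
const maxReportedPolicies = 5 // cap on retained failures (assumed value, not from the project)

// PasswordPoliciesNotMet keeps at most maxReportedPolicies entries and only counts
// the rest, so its size no longer grows with the number of failing policies.
type PasswordPoliciesNotMet struct {
	UnMetPasswordPolicies []PasswordPolicyError
	Omitted               int
}
// Add records a failure, or only increments Omitted once the cap is reached.
func (e *PasswordPoliciesNotMet) Add(ppe PasswordPolicyError) {
	if len(e.UnMetPasswordPolicies) >= maxReportedPolicies {
		e.Omitted++
		return
	}
	e.UnMetPasswordPolicies = append(e.UnMetPasswordPolicies, ppe)
}
func (e PasswordPoliciesNotMet) Error() string {
	errorStrs := make([]string, 0, len(e.UnMetPasswordPolicies))
	for _, ppe := range e.UnMetPasswordPolicies {
		errorStrs = append(errorStrs, ppe.Error())
	}
	msg := "Password policies not met due to: " + strings.Join(errorStrs, ", ")
	if e.Omitted > 0 {
		msg += fmt.Sprintf(" (and %d more)", e.Omitted)
	}
	return msg
}
type policy struct{ name string; check func(string) bool } // constructed pair for this example
// CheckPassword runs every policy against pw and returns a bounded aggregate error, or nil.
func CheckPassword(pw string, policies []policy) error {
	var agg PasswordPoliciesNotMet
	for _, p := range policies {
		if !p.check(pw) {
			agg.Add(PasswordPolicyError{Policy: p.name})
		}
	}
	if len(agg.UnMetPasswordPolicies) == 0 {
		return nil
	}
	return agg
}
```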
Report Stats
  • Report ID: 2441029
  • State: Closed
  • Substate: informative
  • Upvotes: 1