A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.
http://web.archive.org/web/20230122144550/https://brackish.io/chamberlain-myq-account-takeover/