The application responds to requests with information that indicates whether an account exists. Attackers can use this information to enumerate user accounts, which can then be used as part of a brute-force attack against the application.
Attackers use information such as login error messages to enumerate usernames within the application. Attackers can use harvested accounts to launch additional attacks, including phishing, brute-force guessing of passwords, or denial of service by intentionally locking valid users out of their accounts.
How To Test
Sample Report Screenshots
Time Saving Tips