Credentials Enumeration in Login
Variants:
Direct
Also Known As:
Email Enumeration in Login
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Authentication Verification, Information Disclosure Prevention
Invented In:
01/01/1999
Added In:
23/12/2014
Vector Operation Method:
Attackers can abuse login mechanisms that reveal whether a username is valid to reduce the time required for credential enumeration: they identify valid usernames first and then focus on the password, as opposed to enumerating credential combinations.