General Information

Generic Credential Enumeration

Variants:
Direct 

Also Known As:
Generic Email Enumeration

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
JEE

Target Type:
Application

Affected Mechanisms:
Information Disclosure Prevention

Invented In:
01/01/1999

Added In:
21/12/2014


Vector Operation Method:
Abuse an application mechanism behaviour to enumerate valid credentials.


Direct Variant:

Generic Username Enumeration

Also Known As:
Generic Credential Enumeration

Typical Severity:
Medium

Learn More: