User Enumeration

Description

During the scan, Kayran managed to find a User Enumeration vulnerability.
User Enumeration is a vulnerability that occurs when an attacker can determine whether a given username is valid. Most commonly, this issue occurs on login forms, where an error such as “the username is invalid” or “the username is already in use” is returned.

Although username enumeration is not considered a high-risk issue, it does provide the attacker with valuable information for further attacks.
It can also help the attacker obtain users' credentials.

An attacker can exploit this behavior by submitting lengthy lists of common usernames, known names, and dictionary words and observing the application's response to each one.

Recommendation

Make sure to return a generic “No such username or password” message whenever a login attempt fails, regardless of which part was wrong.
Make sure your “forgotten password” page does not reveal whether a submitted username exists.
Avoid having your site tell people that a supplied username is already taken.
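As an added example (not Kayran's code or part of the original page), a minimal Python login handler that leaks the username beside one that follows the recommendation above, plus a self-check a defender can run to confirm that both failure paths produce the same response. The user store, salt and SHA-256 hashing are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo credential store: username -> hex digest of salt + password.
# A real application would use a purpose-built password hash (bcrypt, argon2).
_SALT = b"demo-salt"


def _hash(salt: bytes, password: str) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


USERS = {"alice": _hash(_SALT, "correct horse battery")}
GENERIC = "No such username or password"
# Fixed, never-matching digest so unknown users still go through a comparison.
DUMMY_DIGEST = "0" * 64


def login_leaky(username: str, password: str) -> tuple[int, str]:
    """'Before': two different errors reveal whether the username exists."""
    if username not in USERS:
        return 401, "Unknown username"
    if not hmac.compare_digest(USERS[username], _hash(_SALT, password)):
        return 401, "Incorrect password"
    return 200, "Welcome"


def login_hardened(username: str, password: str) -> tuple[int, str]:
    """'After': one generic message for both failure causes.

    The password is hashed and compared even for unknown usernames, so the
    two failure paths do the same work and return the same status and body.
    """
    stored = USERS.get(username, DUMMY_DIGEST)
    candidate = _hash(_SALT, password)
    ok = username in USERS and hmac.compare_digest(stored, candidate)
    return (200, "Welcome") if ok else (401, GENERIC)


def responses_leak_username(login, known_user: str, unknown_user: str,
                            probe_password: str = "definitely-wrong") -> bool:
    """Defensive self-check: send the same wrong password with a valid and an
    invalid username; any difference in status or message is an enumeration leak."""
    return login(known_user, probe_password) != login(unknown_user, probe_password)
```

Run the check against your own login handler in a unit test so a future change that reintroduces a distinct "unknown user" message fails the build.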

References

https://cwe.mitre.org/data/definitions/200.html
