Credentials Enumeration in Registration
Variants:
Direct
Also Known As:
Email Enumeration in Registration
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Registration, Information Disclosure Prevention
Invented In:
01/01/1999
Added In:
21/12/2014
Vector Operation Method:
Attackers can abuse registration mechanisms that reveal the validity of credentials such as usernames and emails in order to reduce the time required for other credential enumeration: they first identify valid usernames or emails, and then focus on the password, as opposed to enumerating credential combinations.
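The disclosure described above, shown next to a registration flow that does not reveal it. This is an added example, not part of the original entry; the handler names, messages, status codes and in-memory stores are assumptions, and it covers the email case only.

```python
# Added illustration: a registration handler whose response reveals whether
# an email is already registered, beside one that answers identically and
# moves the difference to the mailbox owner. All names are hypothetical.

def register_leaky(email, users):
    """Response depends on whether the address already has an account."""
    if email in users:
        return {"status": 409, "body": "Email already registered"}
    users.add(email)
    return {"status": 201, "body": "Account created"}


def register_uniform(email, users, pending, outbox):
    """Same response for both cases; only the address owner learns which."""
    if email in users:
        # Existing account: notify the owner, change nothing.
        outbox.append((email, "A registration was attempted with your address."))
    else:
        # New address: hold as pending until the emailed link is followed.
        pending.add(email)
        outbox.append((email, "Confirm your new account: <confirmation link>"))
    # Both branches do comparable work (one queued mail) so that response
    # time does not become a second signal.
    return {"status": 202, "body": "Check your inbox to continue registration"}


def audit():
    """Compare responses for a registered and an unregistered address.

    Returns (leaky_differs, uniform_differs, outbox) using constructed data.
    """
    known, unknown = "alice@example.com", "new@example.com"

    users_a = {known}
    leaky_differs = register_leaky(known, users_a) != register_leaky(unknown, users_a)

    users_b, pending, outbox = {known}, set(), []
    uniform_differs = (register_uniform(known, users_b, pending, outbox)
                       != register_uniform(unknown, users_b, pending, outbox))
    return leaky_differs, uniform_differs, outbox


if __name__ == "__main__":
    leaky, uniform, mail = audit()
    print("leaky handler discloses existence:  ", leaky)
    print("uniform handler discloses existence:", uniform)
    print("mail queued:", [to for to, _ in mail])
```

The same response comparison can be used as a regression test against a real registration endpoint in a test environment.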