
How To Test For Account Enumeration

March 13, 2017 | January 8, 2018 | Joe | How To Test For ... ?, Web Application Vulnerabilities

If you are not already familiar with the concept of Account Enumeration, please see the article entitled “What Is Account Enumeration ?”.

Testing For Account Enumeration

Testing for Account Enumeration is trivial in a white-box testing scenario. Simply observe the responses from the following two tests:

  • Providing a legitimate account identifier and an invalid password
  • Providing a non-existent account identifier and any password

If the response is not the same, then it represents an Account Enumeration vulnerability.

In a black-box testing scenario, you must attempt to authenticate with many candidate account identifiers (with a common weak password) until you find one that returns a different response, or you exhaust your list. That is, you iterate over candidate account identifiers using the same weak password, attempting to find a valid account. Any attempt that returns a different response from the others should be examined to see if the system is distinguishing incorrect account identifiers from incorrect passwords. Such a result is indicative of an Account Enumeration vulnerability. If you exhaust your list of potential account identifiers without seeing a different response indicating a valid account identifier, the test is inconclusive.
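The white-box comparison of the two tests above can be kept as a regression check for your own login handler. The following is an added example, not code from the original article: the `Response` type, both toy handlers, the user store and the `csrf=` token format are hypothetical, and it masks per-response tokens so they are not reported as a difference.

```python
import re
import secrets
from dataclasses import dataclass, field

@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)

# Constructed sample data: a toy user store with one known account.
USERS = {"alice@example.test": "correct horse battery staple"}

def _page(message):
    # Each response carries a fresh token, as real login pages often do.
    return f"{message} csrf={secrets.token_hex(8)}"

def login_leaky(user, password):
    """Hypothetical handler that tells unknown accounts apart from bad passwords."""
    if user not in USERS:
        return Response(404, _page("No such account."))
    if USERS[user] != password:
        return Response(401, _page("Incorrect password."))
    return Response(200, "Welcome")

def login_uniform(user, password):
    """Hypothetical handler that answers every failed login identically."""
    if USERS.get(user) != password:
        return Response(401, _page("Invalid username or password."))
    return Response(200, "Welcome")

def normalize(body):
    # Mask per-response values so they are not mistaken for a real difference.
    return re.sub(r"csrf=[0-9a-f]+", "csrf=<token>", body)

def enumeration_signals(login, known_user, unknown_user, bad_password="not-the-password"):
    a = login(known_user, bad_password)    # legitimate account, invalid password
    b = login(unknown_user, bad_password)  # non-existent account, any password
    signals = []
    if a.status != b.status:
        signals.append("status")
    if normalize(a.body) != normalize(b.body):
        signals.append("body")
    if a.headers != b.headers:
        signals.append("headers")
    return signals

if __name__ == "__main__":
    for handler in (login_leaky, login_uniform):
        print(handler.__name__, enumeration_signals(handler, "alice@example.test", "nobody@example.test"))
```

An empty list means the two responses are indistinguishable on status, body and headers; response time is a further channel that this comparison does not measure.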

For insight into how to avoid or fix Account Enumeration vulnerabilities, please see the article entitled “How To Prevent Account Enumeration”.

About Affinity IT Security

We hope you found this article to be useful. Affinity IT Security is available to help you with your security testing and train your developers and testers. In fact, we train developers and IT staff how to hack applications and networks.

Perhaps it was a network scan or website vulnerability test that brought you here.  If so, you are likely researching how to find, fix, or avoid a particular vulnerability.  We urge you to be proactive and ensure that key individuals in your organization understand not only this issue, but also are more broadly aware of application security.

Contact us to learn how to better protect your enterprise.

 

 

Although every effort has been made to provide the most useful and highest quality information, it is unfortunate but inevitable that some errors, omissions, and typographical mistakes will appear in these articles. Consequently, Affinity IT Security will not be responsible for any loss or damages resulting directly or indirectly from any error, misunderstanding, software defect, example, or misuse of any content herein.
