Skip to content
Affinity IT Security
  • Cybersecurity Assessments
  • Compliance
  • Training
  • About
  • Contact
  • Articles

OUTSOURCE YOUR CYBERSECURITY

Increase security. Maintain compliance. Retain control.

Find Out How
Find and Fix Your Vulnerabilities.  Discretely. Now Find and Fix Your Vulnerabilities.  Discretely. Now

What Is Account Enumeration ?

March 13, 2017January 8, 2018 JoeWeb Application Vulnerabilities, What Is ... ?
What Is Account Enumeration

Account Enumeration describes an application that, in response to a failed authentication attempt, returns a response indicating whether the authentication failed due to an incorrect account identifier or an incorrect password.  In essence, it describes an authentication process in which the user is informed whether they provided a valid account identifier or not.

Account Enumeration is so named because the presence of the vulnerability allows an attacker to iteratively determine (i.e. to enumerate) the valid account identifiers recognized by the application.  If each failed attempt indicates the legitimacy of the identifier used, then it is possible to ascertain all valid accounts given sufficient time.

Account Enumeration Is A Vulnerability

Account Enumeration is a vulnerability because it facilities the task of password cracking by allowing attackers to discern the valid set of account identifiers.  As discussed in the article entitled “What Is Weak Authentication ?“, Password Cracking is facilitated if one or more account identifiers are known in advance.  It is for this reason in fact, that one could argue that an Account Enumeration vulnerability is a subtype of  Weak Authentication vulnerability.

For insight into how to detect Account Enumeration, please see the article entitled “How To Test For Account Enumeration“.

For insight into how to avoid or fix Account Enumeration vulnerabilities, please see the article entitled “How To Prevent Account Enumeration“.

About Affinity IT Security

We hope you found this article to be useful. Affinity IT Security is available to help you with your security testing and  train your developers and testers.  In fact, we train developers and IT staff how to hack applications and networks.

Perhaps it was a network scan or website vulnerability test that brought you here.  If so, you are likely researching how to find, fix, or avoid a particular vulnerability.  We urge you to be proactive and ensure that key individuals in your organization understand not only this issue, but also are more broadly aware of application security.

Contact us to learn how to better protect your enterprise.

 

 

Although every effort has been made to provide the most useful and highest quality information, it is unfortunate but inevitable that some errors, omissions, and typographical mistakes will appear in these articles. Consequently, Affinity IT Security will not be responsible for any loss or damages resulting directly or indirectly from any error, misunderstanding, software defect, example, or misuse of any content herein.

Account EnumerationOWASPPassword CrackingWeak AuthenticationWebsite Vulnerabilities

Post navigation

How To Test For Weak Authentication
How To Test For Account Enumeration

Recent Posts

  • Changing the SDLC to Produce Secure Applications
  • Affinity IT Security Services Has New Focus on Critical Infrastructure Protection
  • Designing Secure API Services
  • On Complexity, Convenience, Risk, and Privacy
  • A Strategy for Successfully Hiring Experienced Penetration Testing Staff
  • Measuring Phishing Risk

Categories

  • 1O Things …
  • How To Prevent … ?
  • How To Test For … ?
  • Press Releases
  • Reasons Why…
  • Uncategorized
  • Web Application Vulnerabilities
  • What Is … ?

Cybersecurity is more critical than ever before. You need a partner with the right expertise.

Find and fix your vulnerabilities. Do it discreetly. Do it now.

Find and Fix Your Vulnerabilities. Discretely. Now

1243 Sussex Turnpike Suite #1, Randolph, NJ 07869
info@Affinity-IT.com
800.840.2335
  • 23 NYCRR 500 Compliance
  • About Us
  • Affinity IT Security
  • Application Security Testing
  • Articles
  • Be a Professional Hacker
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Certified Ethical Hacker (CEH)
  • Become a Penetration Tester
  • Best Hacker School
  • Best Hacking School
  • CEH Bootcamp
  • CEH Certification
  • CEH Exam
  • CEH Exam Preparation
  • CEH Instruction
  • Certified Ethical Hacker (CEH) Exam
  • Certified Ethical Hacker (CEH) Training Class
  • Choose the RIGHT Cybersecurity Partner
  • Contact Us
  • Cybersecurity Compliance
  • Cybersecurity Compliance Inquiry
  • EC Council CEH Accredited Training Center
  • Ethical Hacker Course
  • Ethical Hacker Course
  • Ethical Hacking Course
  • Getting Your CEH
  • Hacker Bootcamp
  • Hacker Training
  • HIPAA Compliance
  • Information Security Assessments and Penetration Tests
  • Information Security Training Inquiry
  • Learn Ethical Hacking
  • Learn Penetration Testing
  • Learn PenTesting
  • Network Security Testing
  • Network Vulnerability Assessment
  • PCI DSS Compliance
  • Penetration Test Training
  • Penetration Testing and Vulnerability Assessments Inquiry
  • Penetration Testing Bootcamp
  • Penetration Testing Course
  • Penetration Testing School
  • Pentesting Bootcamp
  • Pentesting Course
  • Pentesting School
  • Prepare For The CEH Test
  • Training
  • Training Course: Application Security and the SDLC
  • Training Course: Designing Secure Web Applications
  • Training Course: Employee IT Security Awareness
  • Training Course: Fundamentals of IT Security
  • Training Course: Gathering and Documenting Web Application Security Requirements
  • Training Course: Testing Web Application Security
  • Training Course: Understanding HIPAA Security Compliance
  • Training Course: Understanding NERC-CIP
  • Training Course: Understanding PCI-DSS
  • Website Security Testing
  • Website Vulnerability Assessment
  • What Cybersecurity Services Do You Actually Need ?
Powered by WordPress | Theme: Astrid by aThemes.