User Enumeration - Forgot Password #VDP

User Enumeration:

User enumeration is a kind of vulnerability that lets a malicious user identify whether a particular user is registered with an organization or not.

Vulnerability:

On the forgot password page, enter any email address you want to look up, such as “abc@gmail.com”. If it is registered, the application sends an email directly. If it is not, the application responds with an error page: “No user exists for this e-mail address: abc@gmail.com”.
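The behaviour described above next to a handler that answers every address the same way, as an added example that is not code from the original post or from the affected application. The user store, mail queue, function names, status codes and the generic message text are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample data: one registered account (hypothetical address).
USERS = {"registered@example.com"}
OUTBOX = []        # stands in for an asynchronous mail queue
RESET_TOKENS = {}  # sha256(token) -> email; the raw token is never stored

GENERIC_BODY = "If an account exists for that address, a reset link has been sent."


def _normalize(email: str) -> str:
    return email.strip().lower()


def _queue_reset(email: str) -> None:
    """Create a single-use token, keep only its hash, and queue the mail."""
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = email
    OUTBOX.append((email, token))


def forgot_password_vulnerable(email: str) -> tuple[int, str]:
    """Behaviour the page describes: the response reveals registration.
    The 404/200 status codes are assumed; the page only mentions an error page."""
    email = _normalize(email)
    if email not in USERS:
        return 404, f"No user exists for this e-mail address: {email}"
    _queue_reset(email)
    return 200, "Password reset e-mail sent."


def forgot_password_hardened(email: str) -> tuple[int, str]:
    """Same status and body for every address; mail is queued only if it exists."""
    email = _normalize(email)
    if email in USERS:
        # Queued rather than sent inline, so response time does not depend
        # on whether the address is registered.
        _queue_reset(email)
    return 200, GENERIC_BODY
```

Rate limiting the endpoint per client and per address complements the uniform response, since the reset mail itself is still sent to registered addresses.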


Lazy Kid | Security Analyst |
