User Enumeration - Forgot Password #VDP

Dec 16, 2021


User Enumeration:

User enumeration is a kind of vulnerability where a malicious user tries to identify whether or not a particular user is registered in an organization.


On the forgot password page, enter any email address you want to look up, such as “”. If it is registered, the application sends an email directly. If it is not, the application responds with an error page: “No user exists for this e-mail address: “””

Using this error response, we are able to identify whether or not a user exists in the application.


Instead of relying on the status code response, a custom response would fix this issue, e.g. “If a user account exists with this email address, you will receive an email shortly.”
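The difference between the two behaviours, as an added example that is not code from the original post or the affected application: a forgot-password handler that answers differently for unknown addresses, next to one that returns the same status and body in both cases, plus a regression check that compares the two responses. The in-memory user set, mail queue, function names, the 404 status and the success wording are assumptions made for the illustration.

```python
# Added example: in-memory stand-ins for the user store and mail queue.
USERS = {"alice@example.com"}   # constructed sample account
OUTBOX = []                     # stands in for a background mail queue

# Single response used for every request, registered or not.
GENERIC = (200, "If a user account exists with this email address, "
                "you will receive an email shortly.")


def queue_reset_mail(email):
    """Hypothetical helper: hand the reset mail to a background sender."""
    OUTBOX.append(email)


def forgot_password_leaky(email):
    """Behaviour described in the post: a distinct error for unknown addresses."""
    email = email.strip().lower()
    if email not in USERS:
        # Status code and wording are assumed; the post only quotes the message.
        return (404, f"No user exists for this e-mail address: {email}")
    queue_reset_mail(email)
    return (200, "A password reset email has been sent.")


def forgot_password_uniform(email):
    """Same status and body whether or not the address is registered."""
    email = email.strip().lower()
    if email in USERS:
        # Only the owner of the mailbox learns that the account exists.
        queue_reset_mail(email)
    return GENERIC


def leaks_existence(handler, known, unknown):
    """Regression check: True if status or body differs between the two cases."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for handler in (forgot_password_leaky, forgot_password_uniform):
        leaked = leaks_existence(handler, "alice@example.com", "nobody@example.com")
        print(f"{handler.__name__}: distinguishable responses = {leaked}")
```

Queuing the mail rather than sending it inside the request also keeps response time similar for both cases, so the answer is not recoverable from timing.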