Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V2 - Authentication

Username/Email Address Enumeration

POC

  1. Go to the password reset, login, or registration page, or any other area that accepts a username or email address as input
  2. Enter an existing username/email address with a wrong password and observe the error message
  3. Enter a non-existing username/email address and observe the error message
  4. Check whether the error message leaks whether the username/email address exists
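
The steps above can be turned into a regression check for your own login code. The following is an added example, not part of the original wiki entry: the handlers, the sample user store and the names `login_leaky`, `login_uniform` and `differing_fields` are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample user store (hypothetical data): username -> PBKDF2 hash.
SALT = b"constructed-salt"

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 1000)

USERS = {"alice@example.com": _hash("correct horse")}
DUMMY_HASH = _hash("dummy value for unknown accounts")

def login_leaky(username: str, password: str) -> tuple[int, str]:
    """Distinct status codes and messages reveal whether the account exists."""
    stored = USERS.get(username)
    if stored is None:
        return 404, "No account found for that email address."
    if not hmac.compare_digest(stored, _hash(password)):
        return 401, "Incorrect password."
    return 200, "Welcome."

def login_uniform(username: str, password: str) -> tuple[int, str]:
    """Same status and message for an unknown user and a wrong password."""
    # Always run the hash comparison so both paths do the same work.
    stored = USERS.get(username, DUMMY_HASH)
    ok = hmac.compare_digest(stored, _hash(password))
    if ok and username in USERS:
        return 200, "Welcome."
    return 401, "Invalid username or password."

def differing_fields(handler, known: str, unknown: str) -> list[str]:
    """Steps 2-4: wrong password for a known and an unknown name; list what differs."""
    wrong = "definitely-wrong-password"
    s1, b1 = handler(known, wrong)
    s2, b2 = handler(unknown, wrong)
    # Strip echoed usernames so a reflected input is not counted as a leak.
    b1, b2 = b1.replace(known, "<user>"), b2.replace(unknown, "<user>")
    diffs = []
    if s1 != s2:
        diffs.append("status")
    if b1 != b2:
        diffs.append("body")
    return diffs

if __name__ == "__main__":
    for h in (login_leaky, login_uniform):
        print(h.__name__, differing_fields(h, "alice@example.com", "nobody@example.com"))
```

The check compares status code and body only; response time and headers are other observable differences it does not cover.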

Impact

Low

Likelihood

Low