Cobalt Vulnerability Wiki

V2 - Authentication

Username/Email Address Enumeration

POC

1. Go to the password reset, login, registration or any other form that accepts a username or email address as input.

2. Submit an existing username/email address with a wrong password and observe the error message.

3. Submit a non-existing username/email address and observe the error message.

4. Check whether the two error messages (or response codes, timing, or redirects) differ, which would leak whether the username/email address exists.
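The following is an added example (not code from the Cobalt wiki) showing a login handler that leaks account existence beside a hardened one, plus a check that automates steps 2 to 4 of the POC. The user store, the `login_leaky`, `login_uniform` and `leaks_existence` functions and the sample addresses are all constructed for illustration.

```python
"""Username enumeration via login error messages: leaky vs. uniform handlers."""
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


# Constructed sample store with one existing account.
_SALT = os.urandom(16)
USERS = {"alice@example.com": _hash("correct horse", _SALT)}
# Dummy hash so that an unknown account costs the same hashing work as a wrong password.
_DUMMY = _hash("placeholder", _SALT)
GENERIC_ERROR = "Invalid email address or password."


def login_leaky(email: str, password: str) -> tuple[int, str]:
    """Vulnerable: distinct status codes and messages reveal whether the account exists."""
    stored = USERS.get(email)
    if stored is None:
        return 404, "No account with that email address."
    if not hmac.compare_digest(stored, _hash(password, _SALT)):
        return 401, "Incorrect password."
    return 200, "OK"


def login_uniform(email: str, password: str) -> tuple[int, str]:
    """Hardened: same status, same message and the same amount of hashing work
    whether the account is unknown or the password is wrong."""
    stored = USERS.get(email, _DUMMY)
    # compare_digest always runs first so both paths do the same work.
    ok = hmac.compare_digest(stored, _hash(password, _SALT)) and email in USERS
    if not ok:
        return 401, GENERIC_ERROR
    return 200, "OK"


def leaks_existence(handler, existing: str, missing: str, password: str = "wrong") -> bool:
    """POC steps 2-4 as a check: submit a wrong password for an existing and a
    non-existing account; any difference in the response is an enumeration leak."""
    return handler(existing, password) != handler(missing, password)
```

Run `leaks_existence(login_leaky, ...)` and `leaks_existence(login_uniform, ...)` against the same pair of addresses to see the leaky handler flagged and the uniform one pass.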



Impact

Low



Likelihood

Low

