Which of the following is an application alert returned by a web application that helps an
attacker guess a valid username?
A.
Invalid username or password
B.
Account username was not found
C.
Incorrect password
D.
Username or password incorrect
Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?
Which of the following is an application alert returned by a web application that helps an
attacker guess a valid username?
C
Ans:- C
if the usernane is correct an password is wrong then the error msg is..”.the password is incirrect”
it means the username is correct .
B. Account username was not found => is also correct.
You can determine if a username was registered or NOT through this response discrepancy.
I agree WhiteRabbit, both B and C are correct. They should say which “validates” a username, not “guess”