vulnerability username enumeration
severity 3.7
language typescript
registry other


Username Enumeration in traduora.

Proof of Concept

  1. Set up traduora to reproduce the vulnerability.
  2. Go to the sign-in page at http://localhost:8080/login
  3. Enter a non-registered user email and a password; the page shows "Error,resource not found".
  4. Enter a correct username with a fake password; the page shows "Error,unauthorized". The difference between these two responses allows usernames to be enumerated.


User emails, which serve as the usernames on the sign-in page, can be enumerated.
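
The pattern behind the two different messages, next to a uniform-response version and a regression check, as an added example. This is not traduora's code: the user store, `verify`, `loginLeaky`, `loginUniform` and `leaksAccountExistence` are hypothetical names, and the sample account and placeholder hashes are constructed.

```typescript
// Added illustration; not code from traduora. All names and data are constructed.
type Result = { ok: boolean; message: string };
type User = { email: string; passwordHash: string };

// Constructed sample store; "h:<password>" is a placeholder, not a real digest.
const users = new Map<string, User>([
  ["alice@example.test", { email: "alice@example.test", passwordHash: "h:correct-horse" }],
]);

// Stand-in for a real slow password hash check (bcrypt/argon2 in practice).
// Compares without returning early on the first mismatching character.
function verify(hash: string, password: string): boolean {
  const candidate = "h:" + password;
  let diff = hash.length ^ candidate.length;
  for (let i = 0; i < hash.length; i++) {
    diff |= hash.charCodeAt(i) ^ (candidate.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Pattern from the report: unknown account and wrong password answer differently.
function loginLeaky(email: string, password: string): Result {
  const user = users.get(email);
  if (!user) return { ok: false, message: "resource not found" };
  if (!verify(user.passwordHash, password)) return { ok: false, message: "unauthorized" };
  return { ok: true, message: "ok" };
}

// Uniform version: one failure message, and the hash check always runs so an
// unknown account does not skip the expensive step.
const DUMMY_HASH = "h:placeholder-for-unknown-accounts";
function loginUniform(email: string, password: string): Result {
  const user = users.get(email);
  const valid = verify(user ? user.passwordHash : DUMMY_HASH, password);
  if (!user || !valid) return { ok: false, message: "unauthorized" };
  return { ok: true, message: "ok" };
}

// Regression check: does a failed login reveal whether the account exists?
function leaksAccountExistence(
  login: (email: string, password: string) => Result,
  registered: string,
  unregistered: string,
): boolean {
  const a = login(registered, "wrong-password");
  const b = login(unregistered, "wrong-password");
  return a.ok !== b.ok || a.message !== b.message;
}
```

A check like `leaksAccountExistence` belongs in the test suite of the login endpoint so a later change cannot reintroduce distinct failure messages.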