by sebazzz
703 days ago
More concrete example: Account enumeration because the "forgot password" page tells the user "Unable to find account xyz@example.com" instead of "If your account xyz@example.com exists, then we have now sent you an e-mail to recover your account". If your forgot password page takes longer to respond when an account exists than when it does not, it is also a side-channel attack.

This bypasses what you've mentioned.
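
The two leaks described in the forgot-password comment above, shown side by side with a handler that closes both. This is an added example, not code from the thread; the account store, the queue, the function names and the "Recovery e-mail sent" message are constructed, and the list of request-path steps stands in for response time.

```python
import secrets
from collections import deque

USERS = {"alice@example.com"}   # constructed sample account store
OUTBOX = deque()                # stand-in for a background mail queue
GENERIC = ("If your account {} exists, then we have now sent you "
           "an e-mail to recover your account.")

def forgot_password_leaky(email):
    """Pattern from the comment: message and work both depend on existence."""
    steps = ["lookup"]
    if email not in USERS:
        return f"Unable to find account {email}", steps
    steps += ["token", "send_mail"]          # slow path runs only for real accounts
    secrets.token_urlsafe(32)
    return f"Recovery e-mail sent to {email}", steps   # constructed success message

def forgot_password_uniform(email):
    """Same message and same request-path steps whether or not the account exists."""
    steps = ["lookup", "token", "enqueue"]
    exists = email in USERS
    token = secrets.token_urlsafe(32)        # generated unconditionally
    OUTBOX.append((email, token, exists))    # mail goes out later, off the request path
    return GENERIC.format(email), steps

def drain_outbox():
    """Background worker: only jobs for real accounts result in an e-mail."""
    sent = []
    while OUTBOX:
        email, token, exists = OUTBOX.popleft()
        if exists:
            sent.append(email)               # a real worker would store a token hash and send mail
    return sent

def distinguishable(handler, known, unknown):
    """True if the handler's observable behaviour differs between the two addresses."""
    msg_a, steps_a = handler(known)
    msg_b, steps_b = handler(unknown)
    # Mask the address itself, then compare the message text and the request-path steps.
    return (msg_a.replace(known, "X"), steps_a) != (msg_b.replace(unknown, "X"), steps_b)

if __name__ == "__main__":
    for handler in (forgot_password_leaky, forgot_password_uniform):
        print(handler.__name__, "distinguishable:",
              distinguishable(handler, "alice@example.com", "bob@example.com"))
    print("mail actually sent to:", drain_outbox())
```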