by wtracz 4364 days ago
It's more pervasive than just registration too if you allow the username to be adjusted. This is again a problem with email addresses that also allows leakage.

Regarding the probability of attack, people should monitor the number of different usernames attempted by a session/IP, not just failed attempts against individual accounts. Otherwise it is very easy to try thousands of username combinations with a selected weak password.
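
The monitoring suggested in the comment above, as an added example that is not part of the original comment: it counts distinct usernames attempted per source in a sliding window and compares that with a per-account failure counter. The event format, function name, window and thresholds are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300          # assumed sliding window
MAX_DISTINCT_USERNAMES = 5    # assumed per-source limit on distinct usernames
MAX_FAILURES_PER_ACCOUNT = 5  # assumed classic per-account lockout threshold

# Constructed sample events: (unix_time, source_ip, username, success)
SAMPLE_EVENTS = (
    # One source tries 12 different usernames once each.
    [(1000 + i * 10, "203.0.113.7", f"user{i:02d}", False) for i in range(12)]
    # Another source mistypes one password twice, then logs in.
    + [(1005, "198.51.100.4", "alice", False),
       (1020, "198.51.100.4", "alice", False),
       (1040, "198.51.100.4", "alice", True)]
)


def detect(events, window=WINDOW_SECONDS,
           max_users=MAX_DISTINCT_USERNAMES,
           max_fail=MAX_FAILURES_PER_ACCOUNT):
    """Return (sources flagged for username spread,
               accounts flagged by per-account failure counting)."""
    recent = defaultdict(deque)    # source -> (time, username) attempts in window
    failures = defaultdict(int)    # username -> total failed attempts
    flagged_sources = set()

    for ts, src, user, ok in sorted(events):
        if not ok:
            failures[user] += 1

        # Track every attempted username for this source, success or not.
        attempts = recent[src]
        attempts.append((ts, user))
        while attempts and attempts[0][0] <= ts - window:
            attempts.popleft()     # drop attempts older than the window

        if len({u for _, u in attempts}) > max_users:
            flagged_sources.add(src)

    flagged_accounts = {u for u, n in failures.items() if n >= max_fail}
    return flagged_sources, flagged_accounts


if __name__ == "__main__":
    sources, accounts = detect(SAMPLE_EVENTS)
    print("flagged sources:", sorted(sources))
    print("flagged accounts:", sorted(accounts))
```

On the sample data the per-account counter flags nothing, because each username fails only once, while the per-source count flags the address that cycled through usernames.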