== Ask Yourself Whether

* The application discloses that a username exists in its database. Most of the time this kind of leak can be avoided, except in the "registration/sign-on" part of a website, where the user must choose a valid username (one not already taken by another user).
* There is no rate limiting and CAPTCHA protection in place for requests involving a username.

There is a risk if you answered yes to any of those questions.
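
The two questions above, illustrated with an added Python example (not part of the original rule text): `login_leaky` discloses whether a username exists, while `login_uniform` returns a single failure message, does the same hashing work for unknown usernames, and limits attempts per username. The user store, the limits and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os
from collections import defaultdict, deque

ITERATIONS = 50_000             # assumption: kept low so the example runs fast
MAX_ATTEMPTS, WINDOW = 5, 60.0  # hypothetical limit: 5 tries per username per 60 s

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample user store: username -> (salt, password hash)
_salt = os.urandom(16)
USERS = {"alice": (_salt, _hash("correct horse", _salt))}
_DUMMY = (os.urandom(16), os.urandom(32))  # compared against when the user is unknown
_attempts = defaultdict(deque)             # username -> timestamps of recent tries

def login_leaky(username, password):
    """Discloses existence: the two failure messages differ."""
    if username not in USERS:
        return "Unknown user"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Wrong password"
    return "OK"

def login_uniform(username, password, now):
    """Same answer and same hashing work whether or not the username exists."""
    tries = _attempts[username]
    while tries and now - tries[0] >= WINDOW:
        tries.popleft()                      # drop attempts outside the window
    if len(tries) >= MAX_ATTEMPTS:
        return "Too many attempts"           # applies to unknown usernames too
    tries.append(now)
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if ok and username in USERS:
        return "OK"
    return "Invalid username or password"
```

The in-memory attempt table is only suitable for a demonstration; a real deployment would keep the counters in shared storage and bound their size.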