User enumeration
Description
The system provides different responses for existent and non-existent users, allowing an attacker to enumerate valid users via error messages, response times, frames count, among other techniques.
Impact
Obtain valid application usernames.
Recommendation
Set the same server response for existent and non-existent users.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 15 minutes.