In security contexts the term “enumeration” is understood to mean “brute force”. You can Google “enumeration attack” to see a bunch of examples where this is explicitly defined.
While a lot of security people misuse "enumeration" in this way, it's not accurate. They should use the term "oracle", especially since it's from the same field.
More concrete example: Account enumeration because the "forgot password" page tells the user "Unable to find account xyz@example.com" instead of "If your account xyz@example.com exists, then we have now sent you an e-mail to recover your account".
If your forgot password page takes longer to respond when an account exists than when it does not, it is also a side-channel attack.
blincoln|1 year ago
sebazzz|1 year ago
jftuga|1 year ago
This bypasses what you've mentioned.
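An added example, not code from the thread or from any poster: a Python sketch of the forgot-password behaviour discussed above, with the leaky reply beside a uniform one that moves the account lookup to a background worker, so neither the response text nor the request-path work depends on whether the account exists. The function names, the in-memory account set, the queue and the outbox are assumptions made for illustration.

```python
import queue
import secrets

ACCOUNTS = {"xyz@example.com"}   # constructed sample account store
MAIL_QUEUE = queue.Queue()       # drained by a worker, off the request path
OUTBOX = []                      # stands in for a real mail gateway

def forgot_password_leaky(email):
    """Reply depends on whether the account exists: an oracle."""
    if email not in ACCOUNTS:
        return 404, f"Unable to find account {email}"
    OUTBOX.append((email, secrets.token_urlsafe(32)))  # extra work only on a hit
    return 200, f"Recovery e-mail sent to {email}"

def forgot_password_uniform(email):
    """Same status, body and request-path work for every address."""
    MAIL_QUEUE.put(email)        # no account lookup on the request path
    return 200, (f"If your account {email} exists, then we have now sent "
                 "you an e-mail to recover your account")

def drain_mail_queue():
    """Background worker: the only place the account store is consulted."""
    sent = []
    while not MAIL_QUEUE.empty():
        email = MAIL_QUEUE.get()
        if email in ACCOUNTS:
            OUTBOX.append((email, secrets.token_urlsafe(32)))
            sent.append(email)
    return sent

def is_oracle(handler, known, unknown):
    """True if status or body lets a caller tell a real account from a fake one."""
    def reply(email):
        status, body = handler(email)
        return status, body.replace(email, "<email>")  # ignore the echoed address
    return reply(known) != reply(unknown)

if __name__ == "__main__":
    pair = ("xyz@example.com", "nobody@example.com")
    print("leaky handler is an oracle:  ", is_oracle(forgot_password_leaky, *pair))
    print("uniform handler is an oracle:", is_oracle(forgot_password_uniform, *pair))
    print("mail actually sent to:       ", drain_mail_queue())
```

`is_oracle` compares only status and body; the timing side channel is addressed structurally, because the uniform handler never touches the account store before it replies.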