wtracz | 11 years ago

It's more pervasive than just registration too if you allow the username to be adjusted. This is again a problem with email addresses that also allows leakage.

Regarding the probability of attack, people should monitor the number of different usernames attempted by a session/IP, not just failed attempts against individual accounts. Otherwise it is very easy to try thousands of username combinations with a selected weak password.
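The monitoring suggested in the comment above, as an added example that is not part of the original comment: a per-account failure counter run beside a per-source count of distinct usernames over the same events. The event tuples, addresses, window and thresholds are constructed assumptions, and the source key could equally be a session ID.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed events: (timestamp, source IP, username, outcome).
    203.0.113.7 tries 40 different usernames once each; 198.51.100.4 is a
    single user mistyping their own password four times."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    events = [(t0 + timedelta(seconds=2 * i), "203.0.113.7", f"user{i:03d}", "fail")
              for i in range(40)]
    events += [(t0 + timedelta(seconds=10 * i), "198.51.100.4", "alice", "fail")
               for i in range(4)]
    return sorted(events)

def per_account_lockouts(events, max_failures=5):
    """Per-account control only: usernames with too many failed logins."""
    fails = defaultdict(int)
    for _, _, user, outcome in events:
        if outcome == "fail":
            fails[user] += 1
    return {u for u, n in fails.items() if n >= max_failures}

def spraying_sources(events, window=timedelta(minutes=5), max_users=10):
    """Sources whose failed logins cover max_users or more distinct
    usernames inside a sliding window. Returns {source: first alert time}."""
    recent = defaultdict(deque)  # source -> (timestamp, username) in window
    flagged = {}
    for ts, src, user, outcome in events:  # events must be time-ordered
        if outcome != "fail":
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        if len({u for _, u in q}) >= max_users and src not in flagged:
            flagged[src] = ts
    return flagged

if __name__ == "__main__":
    ev = build_sample()
    print("accounts locked out:", per_account_lockouts(ev))
    print("sources flagged:", spraying_sources(ev))
```

On this sample no account reaches the lockout threshold, while the source cycling through usernames is flagged at its tenth distinct username.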
