1. 13
  1. 2

    Quote from Wikipedia:

    An enumeration is a complete, ordered listing of all the items in a collection.

    Could someone enlight me on this? What the Article describes doesn’t seem like “complete listing”.

    1. 3

      To enumerate can also mean “to build a list” which is closer to this usage, but I’d agree it was used imprecisely.

      I’d prefer calling this a username oracle attack!

      1. 4

        A couple decades late I think. Guess and check attacks have been called enumeration for quite a while.

        1. 2

          it’s never too late to tilt at windmillsencourage precise speech!

          Legitimately though - good to know this is common parlance in the security community.

        2. 2

          Given enough time (possibly heat death of the universe scales) this method could create a full enumeration.

        3. 1

          It could be seen as a complete listing, if the “collection of usernames” isn’t interpreted to be the collection of all usernames the server has, but rather all usernames the attacker cares about.