Quote from Wikipedia:
An enumeration is a complete, ordered listing of all the items in a collection.
Could someone enlight me on this? What the Article describes doesn’t seem like “complete listing”.
To enumerate can also mean “to build a list” which is closer to this usage, but I’d agree it was used imprecisely.
I’d prefer calling this a username oracle attack!
A couple decades late I think. Guess and check attacks have been called enumeration for quite a while.
it’s never too late to tilt at windmillsencourage precise speech!
Legitimately though - good to know this is common parlance in the security community.
Given enough time (possibly heat death of the universe scales) this method could create a full enumeration.
It could be seen as a complete listing, if the “collection of usernames” isn’t interpreted to be the collection of all usernames the server has, but rather all usernames the attacker cares about.
Quote from Wikipedia:
Could someone enlight me on this? What the Article describes doesn’t seem like “complete listing”.
To enumerate can also mean “to build a list” which is closer to this usage, but I’d agree it was used imprecisely.
I’d prefer calling this a username oracle attack!
A couple decades late I think. Guess and check attacks have been called enumeration for quite a while.
it’s never too late to
tilt at windmillsencourage precise speech!Legitimately though - good to know this is common parlance in the security community.
Given enough time (possibly heat death of the universe scales) this method could create a full enumeration.
It could be seen as a complete listing, if the “collection of usernames” isn’t interpreted to be the collection of all usernames the server has, but rather all usernames the attacker cares about.