The application allows enumeration of already registered, valid users through the page /en-ie/accounts/create/. It returns different messages depending on whether the user is valid or not.
This information can help an attacker to:
Validate a list of addresses to use in phishing attacks;
Validate a list of usernames to use in brute-force attacks on credentials.
The application must always return the same message, whether the username is valid or not.
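The fix described above, sketched as an added example (not the application's own code): an account-creation handler in its enumerable form beside a uniform-response form, plus a regression check that compares the two responses. The `App` class, the in-memory user set, the outbox and all message strings are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical wording; the point is that it is identical on both branches.
UNIFORM_MSG = "If this address can be registered, a confirmation email has been sent."

@dataclass(frozen=True)
class Response:
    status: int
    body: str

@dataclass
class App:
    # Constructed sample data: one pre-registered account.
    users: set = field(default_factory=lambda: {"alice@example.com"})
    outbox: list = field(default_factory=list)  # stands in for the mail queue

    def create_account_enumerable(self, email: str) -> Response:
        # Behaviour described in the report: status and message differ
        # depending on whether the account already exists.
        key = email.lower()
        if key in self.users:
            return Response(400, "A user with this email already exists.")
        self.users.add(key)
        return Response(200, "Account created.")

    def create_account_uniform(self, email: str) -> Response:
        # Same status and body on both branches. The outcome is delivered
        # only to the mailbox owner, out of band; the account is created
        # later, when the owner follows the confirmation link.
        key = email.lower()
        if key in self.users:
            self.outbox.append((key, "A registration was attempted with your address."))
        else:
            self.outbox.append((key, "Confirm your new account: <link placeholder>"))
        return Response(200, UNIFORM_MSG)

def leaks_existence(handler, known: str, unknown: str) -> bool:
    """Regression check: True if the responses for a registered and an
    unregistered address can be told apart by status or body."""
    return handler(known) != handler(unknown)
```

A check like `leaks_existence` only covers status and body; response time and headers need to match on both branches as well.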