Open codingchili opened 5 years ago
Use case could be credential stuffing, it's low hanging fruit for a timing attack whenever the passwords are properly stored. Also this trend of not disclosing whether the username exists or not can get debunked.
Use case could be credential stuffing, it's low hanging fruit for a timing attack whenever the passwords are properly stored. Also this trend of not disclosing whether the username exists or not can get debunked.