

CAPTCHA is an acronym for “Computer Automated Public Turing test to tell Computers and Humans apart”. It is used to determine whether or not the user is human. A human has to solve it using a challenge-response system: the user proves that he is not a robot by typing the characters shown in an image as the answer to the CAPTCHA. A human can usually read it without too much difficulty, while a program cannot. If the answer is correct, the application accepts the action (login, registration, forgot password). If the answer is wrong, the user is stopped at that point and is presented with a new CAPTCHA until he answers correctly.

Protecting against authentication-related attacks:

Let us look at the importance of CAPTCHA. There are certain functionalities that need to be protected against brute-force attacks:

Login: Account takeover can be performed by guessing the right credentials.

Forgot password: Username enumeration can be performed if the web application responds with a verbose message stating whether or not the account exists.

Registration: Fake accounts can be created. Username enumeration can also be performed here, because no application will allow two users to choose the same username.
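The flow described above (issue a challenge, reject the action and issue a fresh challenge on a wrong answer, only then touch the credentials) as an added example in Python. This is illustrative code written for this page, not code from the original text or from any particular product; the in-memory user store, the challenge table and the function names (issue_captcha, verify_captcha, login, forgot_password) are assumptions, and the forgot-password handler returns the same message for known and unknown usernames so that it cannot be used for enumeration.

```python
import hashlib
import hmac
import secrets
import string

CAPTCHA_ALPHABET = string.ascii_uppercase + string.digits
CAPTCHA_LENGTH = 6

# Constructed in-memory user store for the example. A real application
# keeps per-user random salts in a database; one fixed salt is used here
# only to keep the sample self-contained.
_SALT = b"example-salt"


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


_USERS = {"alice": _hash_password("correct horse battery staple")}

# Outstanding CAPTCHA challenges keyed by an opaque, single-use id.
_challenges: dict[str, str] = {}


def issue_captcha() -> tuple[str, str]:
    """Create a new challenge and return (challenge_id, answer).

    In a real deployment the answer is rendered into a distorted image and
    never sent to the client; it is returned here so the example can be
    exercised offline.
    """
    answer = "".join(secrets.choice(CAPTCHA_ALPHABET) for _ in range(CAPTCHA_LENGTH))
    challenge_id = secrets.token_urlsafe(16)
    _challenges[challenge_id] = answer
    return challenge_id, answer


def verify_captcha(challenge_id: str, response: str) -> bool:
    """Check a response and always consume the challenge (single use),
    so a solved or failed challenge cannot be replayed."""
    expected = _challenges.pop(challenge_id, None)
    if expected is None:
        return False
    return hmac.compare_digest(expected.lower(), response.strip().lower())


def login(username: str, password: str, challenge_id: str, captcha_response: str):
    """Gate credential checking behind the CAPTCHA.

    Returns (ok, message, new_challenge_id). On a wrong CAPTCHA the
    credentials are never examined and a fresh challenge is issued, which is
    what makes automated password guessing expensive.
    """
    if not verify_captcha(challenge_id, captcha_response):
        new_id, _ = issue_captcha()
        return False, "Incorrect CAPTCHA, please try again.", new_id
    stored = _USERS.get(username)
    supplied = _hash_password(password)
    if stored is not None and hmac.compare_digest(stored, supplied):
        return True, "Login successful.", None
    # One generic message for a bad username or a bad password.
    new_id, _ = issue_captcha()
    return False, "Invalid username or password.", new_id


def forgot_password(username: str, challenge_id: str, captcha_response: str):
    """Same response whether or not the account exists, so the endpoint
    gives an automated client nothing to enumerate."""
    if not verify_captcha(challenge_id, captcha_response):
        new_id, _ = issue_captcha()
        return False, "Incorrect CAPTCHA, please try again.", new_id
    # A real handler would send a reset link only when username is known,
    # but the HTTP response must not reveal which case occurred.
    return True, "If that account exists, a reset link has been sent.", None


if __name__ == "__main__":
    cid, answer = issue_captcha()
    print(login("alice", "correct horse battery staple", cid, "WRONG")[1])
    cid, answer = issue_captcha()
    print(login("alice", "correct horse battery staple", cid, answer)[1])
```

The two points worth noticing are that verify_captcha consumes the challenge on every call, whether the answer was right or wrong, and that login and forgot_password return one uniform message for the failure cases instead of saying which part was wrong.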
