Element omission is opposite to element duplication. In both cases, you are trying to cause the service to reveal sensitive information with unexpected requests.
To create a request of this type, omit some elements from the body:
<login>
<username> smartbear</username>
</login>
The response reveals an element you need to gain access to the service.
<loginresponse>
<error>element password is expected.</error>
</loginresponse>
Also, try the following:
Replace the username with a password:
<login> <password>ReaDyAP1R0ck5</password> </login>
Remove all elements:
<login> </login>