Lost Users II

In this test, you send incorrect user data and look for security flaws in the response message.

  1. Send a request with the correct username and the wrong password.

    <login>
        <username>smartbear</username>
        <password>yesitdoes!</password>
    </login>
    
  2. For example, you get the following response:

    <loginresponse>
        <error>Wrong user name for the password</error>
    </loginresponse>
    

The response you received reveals that the password was correct, so an attacker can reuse it while searching for a valid username-password combination.
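The same check can be automated against your own login handler. The following is an added example, not code from the original page or from the product it documents: it sends the three failed-login combinations and reports whether the error text differs between them. The handlers `login_leaky` and `login_uniform`, the credential store, and every message except "Wrong user name for the password" are constructed for illustration.

```python
import hmac
import xml.etree.ElementTree as ET

# Constructed sample store; plaintext only to keep the example short.
USERS = {"smartbear": "S3cret-sample"}

def _error(message):
    root = ET.Element("loginresponse")
    ET.SubElement(root, "error").text = message
    return ET.tostring(root, encoding="unicode")

def _valid(username, password):
    stored = USERS.get(username, "")
    match = hmac.compare_digest(stored.encode(), password.encode())
    return username in USERS and match

def login_leaky(username, password):
    """Hypothetical handler whose error text depends on which field was wrong."""
    if _valid(username, password):
        return "<loginresponse><ok/></loginresponse>"
    if username in USERS:
        return _error("Wrong password for the user name")  # constructed text
    if password in USERS.values():
        return _error("Wrong user name for the password")  # text from the page
    return _error("Wrong user name and password")  # constructed text

def login_uniform(username, password):
    """Hypothetical hardened handler: one body for every failed login."""
    if _valid(username, password):
        return "<loginresponse><ok/></loginresponse>"
    return _error("Invalid user name or password")

def failure_messages(handler, good_user, good_password):
    """Return the distinct error texts for the three failed-login cases."""
    probes = [
        (good_user, good_password + "x"),        # right user, wrong password
        (good_user + "x", good_password),        # wrong user, right password
        (good_user + "x", good_password + "x"),  # both wrong
    ]
    texts = set()
    for user, pwd in probes:
        error = ET.fromstring(handler(user, pwd)).find("error")
        texts.add(error.text if error is not None else "<no error element>")
    return texts

def leaks_field_validity(handler, good_user, good_password):
    """True when failed logins can be told apart by their error text."""
    return len(failure_messages(handler, good_user, good_password)) > 1
```

A handler passes when `leaks_field_validity` returns `False`, meaning every failed login produces the same error text regardless of which field was wrong.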
