Lost Users
With this test, you will try to discover any information about system behavior, setup, or data, anything that helps you get into the target system.
To do this, enter a non-existing username. For example, you have the following username and password combination:
Username –
smartbear.Password –
ryAp1R0ck5.
Use this login request:
<login> <username> emery bear</username> <password> ryAp1R0ck5</password> </login>Here is the possible response:
<loginresponse> <error>That user does not exist</error> </loginresponse>
An attacker will potentially use this response to work through a number of usernames until they find the working one.