With this test, you will try to discover any information about system behavior, setup, or data, anything that helps you get into the target system.
To do this, enter a non-existing username. For example, you have the following username and password combination:
Username –
smartbear
.Password –
ryAp1R0ck5
.
Use this login request:
<login> <username> emery bear</username> <password> ryAp1R0ck5</password> </login>
Here is the possible response:
<loginresponse> <error>That user does not exist</error> </loginresponse>
An attacker will potentially use this response to work through a number of usernames until they find the working one.