Lost Users II

Applies to ReadyAPI 3.10, last modified on October 07, 2021

During this test, you will try to discover security flaws in the response message using wrong user data.

  1. Send a request with a correct user name and a wrong password.

    <login>
        <username>smartbear</username>
        <password>yesitdoes!</password>
    </login>

  2. For example, you get the following response:

    <loginresponse>
        <error>Wrong user name for the password</error>
    </loginresponse>

The response you have got reveals that the password was correct, so the attacker will use it when trying to find a valid username-password combination.

See Also

Sample Login Tests

Highlight search results