Lost Users

Applies to ReadyAPI 3.5, last modified on January 19, 2021

With this test, you try to discover any information about system behavior, setup, or data: anything that helps you get into the target system.

To do this, enter a nonexistent username. For example, suppose you have the following username and password combination:

  • Username – smartbear.

  • Password – ryAp1R0ck5.

  1. Use this login request:

    <login>
        <username>emery bear</username>
        <password>ryAp1R0ck5</password>
    </login>

  2. Here is the possible response:

    <loginresponse>
        <error>That user does not exist</error>
    </loginresponse>

The error message confirms that the username, not the password, was rejected. An attacker can potentially use this response to work through a number of usernames until they find the working one.
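The check below is an added example, not ReadyAPI's own code or part of the original page: it models a login service that answers as in step 2 next to one that returns a single generic error, and tests whether an unknown username and a wrong password can be told apart. The handler names, the "Wrong password" and generic error messages, the success body, and the in-memory account store are assumptions made for the illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed in-memory account store using the page's sample credentials.
def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 1000)

USERS = {"smartbear": _hash("ryAp1R0ck5")}
DUMMY_HASH = _hash("placeholder")  # compared against when the user is unknown
REQUEST = "<login><username>{}</username><password>{}</password></login>"

def _credentials(request_xml):
    root = ET.fromstring(request_xml)
    return root.findtext("username", "").strip(), root.findtext("password", "")

def _response(tag, text):
    root = ET.Element("loginresponse")
    ET.SubElement(root, tag).text = text
    return ET.tostring(root, encoding="unicode")

def login_leaky(request_xml):
    """Hypothetical handler that answers as in step 2 of the page."""
    user, password = _credentials(request_xml)
    if user not in USERS:
        return _response("error", "That user does not exist")
    if not hmac.compare_digest(USERS[user], _hash(password)):
        return _response("error", "Wrong password")  # assumed message
    return _response("ok", "Logged in")  # assumed success body

def login_uniform(request_xml):
    """Hypothetical handler with one error for every failed login."""
    user, password = _credentials(request_xml)
    # Hash and compare even for unknown users so both failures do the same work.
    matches = hmac.compare_digest(USERS.get(user, DUMMY_HASH), _hash(password))
    if matches and user in USERS:
        return _response("ok", "Logged in")
    return _response("error", "Invalid username or password")  # assumed message

def leaks_user_existence(handler):
    """True if an unknown user and a wrong password get different responses."""
    unknown_user = handler(REQUEST.format("emery bear", "ryAp1R0ck5"))
    wrong_password = handler(REQUEST.format("smartbear", "not-the-password"))
    return unknown_user != wrong_password

if __name__ == "__main__":
    print("leaky handler leaks:", leaks_user_existence(login_leaky))
    print("uniform handler leaks:", leaks_user_existence(login_uniform))
```

The same comparison can be run against a real service's responses: the test passes only when the two failure cases are indistinguishable in body and status.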

See Also

Sample Login Tests
