What is an Enumeration attack?

During an enumeration attack, hackers verify records stored in a web server using brute-force methods.

These attacks occur on web pages that interact with web server databases after a user submits a form. The two most commonly targeted web app pages in enumeration attacks are login pages and password reset pages.

Key takeaways

  • To prevent enumeration attacks, web forms should never indicate the validity of submitted fields. Instead, an incorrect submission should simply let the user know that either the submitted username or password was incorrect.
  • Server response times could also indicate the validity of submitted records. Web servers commonly take longer to respond to incorrect submissions.
  • Limiting login attempts will mitigate brute force attacks, and therefore, enumeration attacks.
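The three takeaways above combined in one login handler, as an added example that is not code from the original article. The class name, limits, work factor and sample account are assumptions chosen for illustration; the in-memory store stands in for a real user database.

```python
import hashlib
import hmac
import os
import time

GENERIC_ERROR = "The username or password is incorrect."
MAX_ATTEMPTS = 5        # assumed limit of failed attempts per client
WINDOW_SECONDS = 300    # assumed window in which failures are counted
ITERATIONS = 50_000     # assumed PBKDF2 work factor for this demo

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class LoginService:
    def __init__(self, clock=time.monotonic):
        self._users = {}     # username -> (salt, password hash)
        self._failures = {}  # client id -> timestamps of recent failures
        self._clock = clock
        # Dummy credential: unknown usernames go through the same hashing work.
        self._dummy = (os.urandom(16), os.urandom(32))

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def login(self, client_id: str, username: str, password: str):
        now = self._clock()
        recent = [t for t in self._failures.get(client_id, [])
                  if now - t < WINDOW_SECONDS]
        self._failures[client_id] = recent
        # Throttle per client, before any lookup, so the lockout response
        # is the same for existing and non-existing usernames.
        if len(recent) >= MAX_ATTEMPTS:
            return 429, "Too many attempts. Try again later."
        known = username in self._users
        salt, stored = self._users.get(username, self._dummy)
        matches = hmac.compare_digest(_hash(password, salt), stored)
        if known and matches:
            self._failures.pop(client_id, None)
            return 200, "Login successful."
        recent.append(now)
        # One message for both "no such user" and "wrong password".
        return 401, GENERIC_ERROR

if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse")          # constructed sample account
    print(svc.login("10.0.0.1", "alice", "wrong"))   # known user, bad password
    print(svc.login("10.0.0.2", "nobody", "wrong"))  # unknown user
```

Both failure paths return the same status and message and perform one password hash, so neither the response body nor the hashing time distinguishes an existing username from a non-existing one.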
UpGuard customer support team
