Cyber Security Terms
Enumeration Attack

What is an Enumeration attack?

During an enumeration attack, hackers verify records stored in a web server using brute-force methods.

These attacks occur on web pages that interact with web server databases after a user submits a form. The two most commonly targeted web app pages in enumeration attacks are login pages and password reset pages.

Key takeaways

  • Check icon
    To prevent enumeration attacks, web forms should never indicate the validity of submitted fields. Instead, an incorrect submission should simply let the user know that either the submitted username or password was incorrect.
  • Check icon
    Server response times could also indicate the validity of submitted records. Web servers commonly take longer to respond to incorrect submissions.
  • Check icon
    Limiting login attempts will mitigate brute force attacks, and therefore, enumeration attacks.
  • Check icon
  • Check icon
Reviewed by
No items found.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Abstract shapeAbstract shape

More from our blog

Learn more about the latest issues in cybersecurity.
Deliver icon

Sign up to our newsletter

Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Abstract shapeAbstract shape
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan ratingAbstract shape