Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge IDNT-04 & IDNT-05? #764

Open
tarasovkraud opened this issue Jul 7, 2021 · 3 comments
Open

Merge IDNT-04 & IDNT-05? #764

tarasovkraud opened this issue Jul 7, 2021 · 3 comments
Labels
help wanted revise Needs quality review, updates, or revision
Milestone
v5.0 Release

Comments

@tarasovkraud
Copy link

Hey! Please explain why WSTG-IDNT-05 is separated from WSTG-IDNT-04? Is a strict account format in a web application (eg John Doe - j.doe) is a vulnerability?
@tarasovkraud tarasovkraud added help wanted revise Needs quality review, updates, or revision labels Jul 7, 2021
@kingthorin
Copy link
Collaborator

  • 04 deals with account enumeration (ex: being able to figure out account names based on error message, known accounts (admin, Administrator) etc).
  • 05 deals with patterning in account names (ex: first 5 char of last name plus 1 char of first name, phonenumber, student number, etc)

They definitely overlap, and could probably be combine for v5.

@kingthorin kingthorin added this to the v5.0 Release milestone Jul 7, 2021
@kingthorin kingthorin changed the title WSTG-IDNT-05 Merge IDNT-04 & IDNT-05 Jul 7, 2021
@kingthorin kingthorin changed the title Merge IDNT-04 & IDNT-05 Merge IDNT-04 & IDNT-05? Jul 7, 2021
@github-actions
Copy link

Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors.

@github-actions
Copy link

Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted revise Needs quality review, updates, or revision
Projects
None yet
Milestone
v5.0 Release
Development

No branches or pull requests
2 participants
@kingthorin @tarasovkraud