user-names – WindowsTechs.com

Pentesters: Is it common for bruteforce/ dictionary attacks, e.g. for SSH username enumeration, to be successful in the real-world pentests? [closed]

Posted on June 30, 2024 by Shy

I am learning and practicing on vulnerable-by-design machines (vulnhub, metasploitable etc.). I found that this machine is running OpenSSH 7.5, and I tried a few exploits of Username enumeration from ExploitDB, which all ask for a wordlist… Continue reading Pentesters: Is it common for bruteforce/ dictionary attacks, e.g. for SSH username enumeration, to be successful in the real-world pentests? [closed]→

can I look up the passenger’s name? [closed]

Posted on March 5, 2024 by 朱哲伟

If I know the airline name, boarding time, gate, estimated boarding time, departure time, and seat number

Continue reading can I look up the passenger’s name? [closed]→

Is every string a possible username?

Posted on June 13, 2023 by God

I have noticed that a lot of websites only allow a fixed amount of username changes, and does not allow the reuse of a previously or currently used username. For example, on Fandom.com once a username is used, it can never be used again. O… Continue reading Is every string a possible username?→

SNMPv3 polls with encrypted usernames

Posted on June 30, 2022 by AhmedWas

When I perform SNMPv3 polls, I still can see the username in plain text in Wireshark. I find that a slight security risk. I mean knowing the username is a little step further ahead compared to not knowing the username nor the password.
I m… Continue reading SNMPv3 polls with encrypted usernames→

My gmail account name has been changed and misspelled by someone, not me

Posted on June 11, 2022 by Marta Kowalczyk

Something has changed in my gmail acct about 6 months ago. This odd account uses my photo and my real email and behaves like normal in all aspects except one. The label ID uses my married name formatted in a way I never use and the surname… Continue reading My gmail account name has been changed and misspelled by someone, not me→

Is storing a username in session storage a security risk?

Posted on June 7, 2022 by Mike V.

Goal
I have a page which verifies the user’s email address, that has access to their user id. From this page they’re redirected to the login page. I want their username to be filled in already. In other words, passing the username (or emai… Continue reading Is storing a username in session storage a security risk?→

Is it safe for website to generate fake profile pages?

Posted on April 11, 2022 by Phaidrin

Today I found a website which generates a fake profile when asked if said profile exists. Example: www.site.com/user/mycoolname doesn’t exist yet. But if I put it in the browser for the site I get a fake profile of mycoolname with no pictu… Continue reading Is it safe for website to generate fake profile pages?→

Your username can only be changed once?

Posted on August 30, 2021 by Bradford Griggs

I’ve seen quite a few security centric sites enforce this policy:

Your username can only be changed once

My question is: Is this done from a security standpoint? If yes, what is the logic behind it? My initial impression is that once you… Continue reading Your username can only be changed once?→

What are the industry recommendations on usernames?

Posted on August 26, 2021 by Jay

We’re having an internal debate within the NHS organisation I work for, around securing admin usernames. Our usernames are generally based on our names (e.g. tom jones username = tojo0001). Admin usernames are based on the low-level accoun… Continue reading What are the industry recommendations on usernames?→