EC-Council Certified Security Analyst (ECSA v8) — Question 12
Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?
Answer options
- A. Invalid username or password
- B. Account username was not found
- C. Incorrect password
- D. Username or password incorrect
Correct answer: C
Explanation
The correct answer is C: an 'Incorrect password' message indicates that the username exists and that only the password entered was wrong, which confirms the username to the attacker. The other options do not confirm the existence of a valid username, which makes them less useful for an attacker trying to guess usernames.