Which of the following is an application alert returned by a web application that helps an
attacker guess a valid username?
A.
Invalid username or password
B.
Account username was not found
C.
Incorrect password
D.
Username or password incorrect
C
Ans:- C
if the usernane is correct an password is wrong then the error msg is..”.the password is incirrect”
it means the username is correct .
B. Account username was not found => is also correct.
You can determine if a username was registered or NOT through this response discrepancy.
I agree WhiteRabbit, both B and C are correct. They should say which “validates” a username, not “guess”