🔥 3-day streak
CompTIA PenTest+ (PT0-003)171 / 175
Question 171 of 175
During a web application assessment, you observe that a custom login endpoint returns the response 'Invalid password for user' when a valid username is submitted with a wrong password, but returns 'Unknown account' when the username does not exist. Additionally, requests for valid usernames take noticeably longer to process. Which vulnerability class does this behavior most directly represent, and how would you leverage it?
Reviewed for accuracy · Report an issueNext question