Many webapps don't perform authentication in constant-time operations which can result in a timing difference for authentication between valid and invalid user accounts. This can be used to enumerate valid and invalid usernames. This script tests the authentication pages for such issues.
tr4nc3/AuthTimer
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|