Account Harvesting
¨Technique used to determine
legitimate userIDs and even passwords of a vulnerable application
¨Targets
the authentication process when application requests a userID and
password
¨Works
against applications that have a different error message for users who type
in an
incorrect userID