Username Enumeration Lab

Level 1 Authentication simulation: learn how inconsistent login or reset responses can reveal whether an account exists.

Beginner

Authentication • 20 min

Learning Objectives

This lab is a controlled simulation only. No real backend or dangerous code execution is used.

Objective 1

Review a fake auth flow and compare response behavior for valid and invalid usernames.

Objective 2

Identify how leaked account existence helps attackers focus later password or recovery attacks.

Objective 3

Understand why response consistency matters in login and reset workflows.

Challenge Area

Use the input fields below to safely simulate the vulnerable behavior.

Existing Username

Fake Auth Response Comparison

Username checked: admin -> "Password reset link sent to registered email." Username checked: guest -> "No account found." Submitted username: (none yet)

Result Panel

Review the fake auth responses and enter the username that appears to exist based on the system behavior difference.

Hints

Reveal them progressively if you get stuck.

Click the hint button to reveal progressive guidance.