An enumeration attack is when cybercriminals use brute-force methods to check if certain data exists on a web server database. The two most common web application targets for enumeration attacks are: The login page Password reset page
To explain this process, we will use an example of a username enumeration attack - when attackers try to find usernames in a web server database.
How to Prevent Server Response Message Enumeration Attacks
Server response time authentication facilitating an enumeration attack - Source: rapid7.com