Testing for Account Enumeration and Guessable User Account (OTG-IDENT-004)

Summary
Most systems are provisioning with default and test accounts to aid the installation, configuration and testing of applications. These accounts are often overlooked when the system enters production. User account names are often structured and valid account names can easily be guessed. Other times, valid account names can be searched for using internet search engines.

Test objectives
Verify the structure of account names Verify the application's response to valid and invalid account names