Empty String Password
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Empty string password allows attackers that obtain the cooresponding user name, which is normally public or easily guessable, to log in to the application. This also makes a brute-force attack much easier, in which an attacker only needs to guess the right user name in order to get in.
Attackers try to obtain a log in account of the application.
- Brute-force Attack against application log in interface.