Enumeration attacks use automation to rapidly iterate through numeric or alphanumeric sequences used as identifiers for public-facing applications, with the end goal of discovering a legitimate web conferencing meeting, a valid gift card number or an in-transit shipment.
Enumeration and Snooping Attack
Automation allows a bad actor to launch enumeration attacks directly against the application APIs, as shown in the Prying-Eye vulnerability, where a bot cycles through (enumerates) and discovers valid numeric meeting IDs. If users follow the common practice of disabling security functionality, the bad actor would be able to view or listen to an active meeting.
Targeting the web conferencing application APIs directly, this attack (1) uses a bot to enumerate and discover the numeric or alphanumeric identifiers that (2) perform the attendee access control function. If the application is not protected by a password or other authentication mechanism, (3) the bad actor can surreptitiously gain access to the web meeting.
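
How the bot behaviour described above shows up in API access logs, as an added example that is not from the original page: a client that requests many distinct meeting IDs and mostly gets misses is flagged, and the IDs it confirmed as valid are listed for follow-up. The log shape, the 404 response for unknown IDs, the thresholds and the function name `find_enumerators` are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample of API access-log records: (client_ip, meeting_id, http_status).
# The log shape and the 404-for-unknown-ID behaviour are assumptions for this example.
SAMPLE_LOG = (
    [("203.0.113.7", str(100000000 + i), 200 if i == 17 else 404) for i in range(40)]
    + [("198.51.100.4", "483920175", 200)] * 3
    + [("198.51.100.9", "483920175", 200), ("198.51.100.9", "483920715", 404)]
)

def find_enumerators(records, min_distinct_ids=20, min_miss_ratio=0.8):
    """Return {client: stats} for clients whose lookups look like ID enumeration.

    A normal attendee asks for one or two meeting IDs and mostly gets hits;
    an enumerating bot asks for many distinct IDs and mostly gets misses.
    Thresholds are illustrative, not tuned values.
    """
    ids_seen = defaultdict(set)
    hits = defaultdict(set)
    misses = defaultdict(int)
    total = defaultdict(int)
    for client, meeting_id, status in records:
        ids_seen[client].add(meeting_id)
        total[client] += 1
        if status == 404:
            misses[client] += 1
        elif status == 200:
            hits[client].add(meeting_id)

    flagged = {}
    for client, ids in ids_seen.items():
        miss_ratio = misses[client] / total[client]
        if len(ids) >= min_distinct_ids and miss_ratio >= min_miss_ratio:
            flagged[client] = {
                "distinct_ids": len(ids),
                "miss_ratio": round(miss_ratio, 3),
                # IDs the client confirmed as valid: meetings to review or re-key.
                "exposed_ids": sorted(hits[client]),
            }
    return flagged

if __name__ == "__main__":
    for client, stats in find_enumerators(SAMPLE_LOG).items():
        print(client, stats)
```

Counting per source IP alone misses a bot that spreads requests across many addresses, so the same counters are worth keeping per API token or session where the logs carry one.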