# Cognito Account Enumeration

<figure><img src="/files/9pkGGfb4YrQiOFwCWd8P" alt=""><figcaption></figcaption></figure>

In Cognito, if the `Prevent user existence errors` feature is disabled for password-based sign-in, the server returns different responses for a sign-in attempt with a non-existent account than for one with an existing account, and that difference allows account enumeration.

## Abuse

```bash
# Check whether an account exists
aws cognito-idp initiate-auth --region '<region>' --client-id '<client-id>' --auth-flow USER_PASSWORD_AUTH --auth-parameters USERNAME=admin@test.com,PASSWORD=x
```
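The defender-side counterpart of the check above, as an added example that is not part of the original page: it audits every app client in a user pool and flags those whose `PreventUserExistenceErrors` setting is not `ENABLED`, i.e. the clients that answer the request above differently for existing and non-existing users. The sample client dicts, the assumption that a missing setting behaves as `LEGACY`, and the helper names are mine.

```python
# Added example (not from the original page): audit Cognito app clients for the
# "Prevent user existence errors" setting that blocks the enumeration above.
from typing import Dict, List

# Auth flows that accept a username/password directly, as the initiate-auth
# call above does. Names as returned in ExplicitAuthFlows by Cognito.
PASSWORD_FLOWS = {"ALLOW_USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH",
                  "USER_PASSWORD_AUTH", "ADMIN_NO_SRP_AUTH"}


def audit_client(client: Dict) -> Dict:
    """Build a finding for one app client.

    `client` is the "UserPoolClient" dict from describe-user-pool-client.
    Assumption: a client with no PreventUserExistenceErrors key is treated as
    LEGACY, the mode that returns the distinguishable error responses.
    """
    mode = client.get("PreventUserExistenceErrors", "LEGACY")
    flows = set(client.get("ExplicitAuthFlows", []))
    return {
        "client_id": client.get("ClientId"),
        "client_name": client.get("ClientName"),
        "prevent_user_existence_errors": mode,
        "password_flows": sorted(flows & PASSWORD_FLOWS),
        "enumerable": mode != "ENABLED",
    }


def exposed_clients(findings: List[Dict]) -> List[str]:
    """Client IDs that still leak user existence and should be set to ENABLED."""
    return [f["client_id"] for f in findings if f["enumerable"]]


def audit_user_pool(user_pool_id: str, region: str) -> List[Dict]:
    """Live check against AWS: audit every app client of one user pool (needs boto3)."""
    import boto3  # imported here so the pure functions above run offline
    idp = boto3.client("cognito-idp", region_name=region)
    findings = []
    paginator = idp.get_paginator("list_user_pool_clients")
    for page in paginator.paginate(UserPoolId=user_pool_id):
        for summary in page["UserPoolClients"]:
            desc = idp.describe_user_pool_client(UserPoolId=user_pool_id,
                                                 ClientId=summary["ClientId"])
            findings.append(audit_client(desc["UserPoolClient"]))
    return findings


if __name__ == "__main__":
    import sys  # usage: python audit.py <user-pool-id> <region>
    for finding in audit_user_pool(sys.argv[1], sys.argv[2]):
        print(finding)
```

A flagged client is remediated with `aws cognito-idp update-user-pool-client --user-pool-id <pool-id> --client-id <client-id> --prevent-user-existence-errors ENABLED`, after which existing and non-existing usernames produce the same generic response.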

## Demo

<figure><img src="/files/aZrGePOHgmnhEWrQEg3n" alt=""><figcaption></figcaption></figure>

## References

{% embed url="https://hackingthe.cloud/aws/enumeration/bypass_cognito_user_enumeration_controls/" %}
