To retrieve the password directly

To delete the user account

To find out if an email exists in the database

To change the password

Access the server logs

View all user passwords

Delete entire tables

Change the database schema

By sharing it with other attackers

By updating it to their own email address

By encrypting the email

By deleting the email from the database

They receive the password for the account

They encrypt the account data

They delete the account

They gain administrative access

The attacker has direct access to the database

The attacker uses server responses to make guesses

The attacker can see the results of their queries

The attacker can modify server configurations

Encrypting the database

Changing the server settings

Directly accessing the database

Identifying when the server returns successful responses

Because the attacker needs to wait for user input

Because the attacker needs to wait for server downtime

Because the attacker needs to decrypt data

Because crafting SQL statements and making guesses takes time