Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Vlatko Kosturjak <kost () linux hr>
Date: Fri, 11 Nov 2011 23:13:26 +0100

On 11/11/2011 07:27 PM, Patrik Karlsson wrote:
Hi Kost,

The attached patch contains some cleanup of the nexpose-brute script.
Before I commit it though I wanted to get some opinions from the list in
regards to account lockout.

In general I haven't bothered too much with account lockout before, but
Nexpose locks accounts after 4 incorrect attempts per default. In the
community edition I have been testing it against, I can't get back in
without restarting the as the only account I have gets locked. So, my
question is, do we need to address this in some way, limiting the amount of
tries to 3 per account and allowing the user to force more attempts through
a script argument?

Yes, NeXpose is the only one which have account lockout in place. How it is done for other protocols now?

Kost
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault