Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] metasploit-msgrpc-brute

From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 29 Jun 2012 23:03:56 +0200
On Fri, Jun 29, 2012 at 10:43 PM, HD Moore <hdm () digitaloffense net> wrote:


Hi Patrik,

We added a minimum delay for repeated authentication attempts to this
protocol a few months ago. The 55553 service is normally plain TCP, but the
commercial products use 50505 (localhost, plain TCP) proxied over 3790 SSL
via the /api URL. The caveat for the commercial products is that
user-created passwords are validated for some basic complexity requirements
(no repeating characters, repetition of the username, super common words,
etc). Neither interface has default usernames or passwords.

HTH,

-HD





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



Thanks for the information, much appreciated!

//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: