Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: wanted: a script to try dictionary attacks against NOTES ID

From: "Keith Perry" <kperry_security () hotmail com>
Date: Wed, 21 Nov 2001 19:25:19 +0000
In brute forcing the notes password with an automation tool to put a password in the login box like you would type it, you must take into account the Notes delay mechanism. Each subsequent invalid password causes an increase in the response time. This was done to slow down brute force attacks and render them nearly useless. 

I can not recall if this is an issue when using the Notes API.


Keith Perry

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: