Re: wanted: a script to try dictionary attacks against NOTES ID
From: Keith Perry (kperry_security@hotmail.com)Date: 11/21/01
- Previous message: Andy Miller: "RE: SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Keith Perry" <kperry_security@hotmail.com> To: pen-test@securityfocus.com Subject: Re: wanted: a script to try dictionary attacks against NOTES ID Date: Wed, 21 Nov 2001 19:25:19 +0000 Message-ID: <F26TMFLOHLMBtfmQ2PO000080fe@hotmail.com>
In brute forcing the notes password with an automation tool to put a
password in the login box like you would type it, you must take into account
the Notes delay mechanism. Each subsequent invalid password causes an
increase in the response time. This was done to slow down brute force
attacks and render them nearly useless.
I can not recall if this is an issue when using the Notes API.
Keith Perry
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Andy Miller: "RE: SQL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
