Re: wanted: a script to try dictionary attacks against NOTES ID

From: Keith Perry (kperry_security@hotmail.com)
Date: 11/21/01


From: "Keith Perry" <kperry_security@hotmail.com>
To: pen-test@securityfocus.com
Subject: Re: wanted: a script to try dictionary attacks against NOTES ID
Date: Wed, 21 Nov 2001 19:25:19 +0000
Message-ID: <F26TMFLOHLMBtfmQ2PO000080fe@hotmail.com>


In brute forcing the notes password with an automation tool to put a
password in the login box like you would type it, you must take into account
the Notes delay mechanism. Each subsequent invalid password causes an
increase in the response time. This was done to slow down brute force
attacks and render them nearly useless.

I can not recall if this is an issue when using the Notes API.

Keith Perry

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/