passw0rd trial limit

hi

i am trying to pen test a web site

site has a login page and all the usernames are known
the passw0rd length is fixed and 6 characters long

i think with a brute force attack it wold be easy to login as any user,

but the problem is when a user enters wrong paaw0rd more than five times
he/she can only login for aboout 2 hours later

how this obstacle can be overcomed do you have any idea?

by the way remote server accepts another user login wehther you have exceeded trial limit or not
so i think it is not related with the ip filtering


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------

Relevant Pages

  • Re: SPAM-LOW: passw0rd trial limit
    ... login process the more requests are send. ... As attacks through web applications continue to ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • MySpace Data Phished and Leaked
    ... MySpace user login and password data has recently been ... exposed and posted online. ... researchers looking into the phishing techniques ... were quickly updated to warn users visiting the Web site. ...
    (comp.security.misc)
  • RE: Back Button
    ... The web site contains 3 frames,. ... the top frame has a link to another external site, ... external site, but if the user decide later to go back to my web site, he always got redirected to the login page ... If I click the Back button, the code does not get executed on the server side, since, I cannot catch it neither ...
    (microsoft.public.vsnet.general)
  • Re: Email "portal" in Python?
    ... > aggregator, weather forecast, comics, etc. ... > web site, think of all of it being sent daily as an email. ... I've nearly completed a 'login module' for use with Python CGIs. ...
    (comp.lang.python)
  • Thumbnail security problem?
    ... Is there a known problem with Explorer Thumbnail viewer in regards to ... Login into a web site that uses BASIC AUTHENTICATION where the browser ...
    (microsoft.public.security)