Tuesday, 10 June 2008

Programmatically Producing Poor Passwords

This is an old version of ProCheckUp’s blog. Please go to http://www.procheckup.com/blog to read the latest version.

1 Comments:

Blogger Adrian Pastor said...

so we're saying that all the attacker needs to do is: 1. enter the victim's username in the password reset page, 2. bruteforce a list of 5568 possible passwords on the login page.

such bruteforce attack would only take a few mins. needless to say when the correct password is found, the victim's account would be compromised.

this is a very good example of how NOT to implement a password reset feature! thanks for sharing Jan!

10 June 2008 at 13:03  

Post a Comment

Links to this post:

Create a Link

<< Home