Tuesday 10 June 2008

Programmatically Producing Poor Passwords

This is an old version of ProCheckUp’s blog. Please go to http://www.procheckup.com/blog to read the latest version.


Anonymous Anonymous said...

so we're saying that all the attacker needs to do is: 1. enter the victim's username in the password reset page, 2. bruteforce a list of 5568 possible passwords on the login page.

such bruteforce attack would only take a few mins. needless to say when the correct password is found, the victim's account would be compromised.

this is a very good example of how NOT to implement a password reset feature! thanks for sharing Jan!

10 June 2008 at 13:03  

Post a Comment

<< Home