Some common vulnerabilities that can easily lead to an attacker cracking Web passwords include the following:
- No intruder lockout after a certain number of failed attempts
- Intruder lockout time that's too short
- Allowing simultaneous logins from the same or multiple hosts
- Transmitting login traffic via HTTP and not using SSL