Wednesday, December 19, 2007

Cracking passwords to web applications

Many web applications can be broken into. How?

Some common vulnerabilities that can easily lead to an attacker cracking Web passwords include the following:

  • No intruder lockout after a certain number of failed attempts
  • Intruder lockout time that's too short
  • Allowing simultaneous logins from the same or multiple hosts
  • Transmitting login traffic via HTTP and not using SSL

Want to see tools and examples? See the article by Kevin Beaver.
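
Seen from the defender's side, each item in the list above maps to a server-side check. The following is an added example, not code from this post or from Kevin Beaver's article; the `LoginGuard` class, its thresholds and the in-memory store are assumptions made for illustration.

```python
import time

class LoginGuard:
    """In-memory login policy: lockout, escalating lockout time, session cap, TLS only."""
    def __init__(self, max_failures=5, base_lockout=900, max_sessions=1, clock=time.monotonic):
        self.max_failures = max_failures   # failed attempts before lockout
        self.base_lockout = base_lockout   # seconds; doubles on each repeat lockout
        self.max_sessions = max_sessions   # simultaneous logins allowed per account
        self.clock = clock                 # injectable so the policy can be tested
        self.state = {}                    # user -> counters and active session ids

    def attempt(self, user, password_ok, session_id, over_tls):
        """Return (allowed, reason) for one login attempt."""
        if not over_tls:
            return False, "tls_required"   # never accept credentials over plain HTTP
        e = self.state.setdefault(
            user, {"fails": 0, "lockouts": 0, "locked_until": 0.0, "sessions": set()})
        if self.clock() < e["locked_until"]:
            return False, "locked"         # a correct password is refused too
        if not password_ok:
            e["fails"] += 1
            if e["fails"] >= self.max_failures:
                e["locked_until"] = self.clock() + self.base_lockout * 2 ** e["lockouts"]
                e["lockouts"] += 1
                e["fails"] = 0
            return False, "bad_credentials"
        if len(e["sessions"]) >= self.max_sessions and session_id not in e["sessions"]:
            return False, "session_limit"  # another host already holds the session
        e["fails"] = 0
        e["sessions"].add(session_id)
        return True, "ok"

    def logout(self, user, session_id):
        if user in self.state:
            self.state[user]["sessions"].discard(session_id)

def demo():
    """Constructed scenario with a fake clock; returns the reason for each step."""
    now = [0.0]
    g = LoginGuard(max_failures=3, base_lockout=60, clock=lambda: now[0])
    out = [g.attempt("alice", False, "s1", True)[1] for _ in range(3)]  # third failure locks
    out.append(g.attempt("alice", True, "s1", True)[1])    # still inside the lockout window
    now[0] = 61                                            # lockout has expired
    out.append(g.attempt("alice", True, "s1", True)[1])    # first session is accepted
    out.append(g.attempt("alice", True, "s2", True)[1])    # second simultaneous login
    out.append(g.attempt("alice", True, "s1", False)[1])   # request arrived without TLS
    return out
```

Locking per account lets anyone who knows a username lock its owner out, so in practice this is paired with per-source throttling and a persistent store shared by all application servers.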