Nmap Development mailing list archives
Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Vlatko Kosturjak <kost () linux hr>
Date: Fri, 11 Nov 2011 23:13:26 +0100
On 11/11/2011 07:27 PM, Patrik Karlsson wrote:
Hi Kost, The attached patch contains some cleanup of the nexpose-brute script. Before I commit it though I wanted to get some opinions from the list in regards to account lockout. In general I haven't bothered too much with account lockout before, but Nexpose locks accounts after 4 incorrect attempts per default. In the community edition I have been testing it against, I can't get back in without restarting the as the only account I have gets locked. So, my question is, do we need to address this in some way, limiting the amount of tries to 3 per account and allowing the user to force more attempts through a script argument?
Yes, NeXpose is the only one which have account lockout in place. How it is done for other protocols now?
Kost _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 09)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 09)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 11)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 11)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 13)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 17)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 09)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 11)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Henri Doreau (Nov 14)