Nmap Development mailing list archives

Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks


From: Vlatko Kosturjak <kost () linux hr>
Date: Fri, 11 Nov 2011 23:13:26 +0100

On 11/11/2011 07:27 PM, Patrik Karlsson wrote:
> Hi Kost,
>
> The attached patch contains some cleanup of the nexpose-brute script.
> Before I commit it though I wanted to get some opinions from the list in
> regards to account lockout.
>
> In general I haven't bothered too much with account lockout before, but
> Nexpose locks accounts after 4 incorrect attempts per default. In the
> community edition I have been testing it against, I can't get back in
> without restarting the as the only account I have gets locked. So, my
> question is, do we need to address this in some way, limiting the amount of
> tries to 3 per account and allowing the user to force more attempts through
> a script argument?

Yes, NeXpose is the only one which has account lockout in place. How is it done for other protocols now?

Kost