Penetration Testing mailing list archives
RE: Password Cracking Issues
From: "THOMAS, DEDRIC (ATTCLSMA)" <dt7089 () att com>
Date: Tue, 29 Dec 2009 11:06:18 -0600
Hey,

Ethically, you should notify them of the fact that they need to strengthen their Account Management Policies. You can have them change the password, and then go forth with your pen-testing. It would benefit both parties: they know they can trust you to tell them the right thing, instead of faking your way through a password hack even though you know the password.

Just my two cents....

Dedric

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of JAE HO JANG
Sent: Thursday, December 17, 2009 10:08 AM
To: pen-test () securityfocus com
Subject: Password Cracking Issues

Hi,

I am doing pen-testing of our customer's FW, a NetScreen. But I installed this FW and also set the password a few months ago, so I already knew the password (they haven't changed it).

In this case, what is the best thing to do? Just proceed with the password cracking, then report to them that I managed to find the password? Or skip password cracking and then advise them to reinforce the password policy?

Please advise. Thanks in advance.

Regards,
Tony
Current thread:
- Password Cracking Issues JAE HO JANG (Dec 21)
- Re: Password Cracking Issues Jonathan Cran (Dec 29)
- Re: Password Cracking Issues Javier Reyna (Dec 29)
- RE: Password Cracking Issues THOMAS, DEDRIC (ATTCLSMA) (Dec 29)