Bugtraq mailing list archives

ISS Internet Scanner Brute Force Bug

From: alex_tampermeier () HOTMAIL COM (alexander tampermeier)
Date: Wed, 17 Feb 1999 23:54:11 PST


The Internet Scanner lets you brute force by using username/password
pairs specified in the file default.login. I specified a known
username/password pair but the scanner could not login.
The reason is that the Internet Scanner needs a carriage return after
the last username/password pair. If it finds just an EOF marker then the
password gets modified by adding an additional character.
For example the password test is modified to testo.

Alexander

alex_tampermeier () hotmail com


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Current thread:

ISS Internet Scanner Brute Force Bug alexander tampermeier (Feb 17)
- Re: ISS Internet Scanner Brute Force Bug David LeBlanc (Feb 18)
- ISS forum Christopher Klaus (Feb 18)
- L0pht Security Advisory: Windows NT Dildog (Feb 18)
- <Possible follow-ups>
- Re: ISS Internet Scanner Brute Force Bug David LeBlanc (Feb 19)