Data from MS Shows Password Attack Focus

Microsoft released data collected from an FTP-server honeypot, showing that attempts to guess passwords continue to focus on the low-hanging fruit: passwords with an average length of eight characters, with “password” and “123456” being the most common. Read the full article. Security Focus...

Default credentials

system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully condu...

CVE-2001-1467

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks...

DSA-526 webmin - several vulnerabilities

Bulletin has no description...

asleap - offline LEAP authentication hacking

MS-CHAP NTLM vulnerability allows offline passwords attacks...

CVE-2002-0395

The TFTP server for Red-M 1050 Bluetooth Access Point can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods...

Дырки в устройчтвах VPNet VPN

С помощью source route можно обойти устройство и переслать любой трафик в защищаемую сеть. Кроме того имеются локальные проблемы, возможность атак грубой силы на пароли и стандартный SNMP-community...

CVE-1999-0407

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system...

iis4.proxy.passwd.txt

Date: Mon, 9 Feb 1998 04:35:48 -0000 From: mnemonix To: [email protected] Subject: ALERT: IIS4 allows proxied password attacks over NetBIOS Introduction Internet Information Server 4.0 has an interesting feature that can allow a remote attacker to attack user accounts local to the Web Server a...