1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

Weak Lockout Policy Abuse

Variants:
Direct 

Also Known As:
Weak Account Lockout

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Account Lockout, Anti-Automation

Invented In:
19/12/2014

Added In:
19/12/2014


Vector Operation Method:
Insufficient lockout duration or extreamly high failed login limit can be abused for in dictionary attacks against common account credentials.


Direct Variant:

Weak Lockout Policy Abuse

Variant Title:
Weak Lockout Policy Abuse

Typical Severity:
Minor

Resources:

OWASP Testing Guide

White Papers:

Learn More:




TECAPI ©

Join