====== Password Cracking Attack ======

An attacker (through the use of a program or application) simulates the requests of a typical web browser, attempting to gain valid credentials from an authentication system by large numbers of repeated authentication attempts, using different passwords.

===== Remedy ====

  * Implement a logging system which watches for such attacks and slows the attacker down (e.g. [[phpfn>sleep]]).
  * Block IP addresses for a certain amount of time, which have made repeated failed login attempts.

===== Additional Information =====

  * See [[security:web_application_security|web application security]] and [[catalog|security attacks catalog]].