Table of Contents
Password Cracking Attack
An attacker (through the use of a program or application) simulates the requests of a typical web browser, attempting to gain valid credentials from an authentication system by large numbers of repeated authentication attempts, using different passwords.
Remedy
- Implement a logging system which watches for such attacks and slows the attacker down (e.g. sleep).
- Block IP addresses for a certain amount of time, which have made repeated failed login attempts.