RxHarun

Password Spraying Brute Force Attack

Dr. Harun Ar Rashid, MD - Arthritis, Bones, Joints Pain, Trauma, and Internal Medicine Specialist Dr. Harun Ar Rashid, MD - Arthritis, Bones, Joints Pain, Trauma, and Internal Medicine Specialist
2 Views
Rx iT World Hacking Tutorial

Password spraying is a type of brute force attack. In this attack, an attacker will brute force logins based on list of usernames with default passwords on the application. For example, an attacker will use one password (say, Secure@123) against many different accounts on the application to avoid account lockouts that would normally occur when brute forcing a single account with many passwords.

This attack can be found commonly where the application or admin sets a default password for the new users.

password-spraying-attack

Mitigations

  • Brute force preventation should be on both field, i.e., Username and Password.
  • Set account lockout policies after a certain number of failed login attempts to prevent credentials from being guessed. Implement CAPTCHA, if lockout is not a viable option.
  • The admin managed application should force users to change their password on first login with default password.
  • Use multi-factor authentication. Where possible, also enable multi-factor authentication on externally facing services.

You Might Also Like This Posts:

  1. How to Test for Brute Force Vulnerabilities A brute force attack can manifest itself in many different ways, but primarily consists in an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response. For the sake of efficiency, an attacker may use a dictionary attack (with or without mutations) or a traditional brute-force attack (with […]...
  2. How to Reset a WordPress Password from phpMyAdmin: A Simple Guide In the world of WordPress, forgetting your password can be a real headache. But don’t worry, we’ve got your back! In this step-by-step guide, we’ll show you how to reset your WordPress password using phpMyAdmin, and we’ll explain everything in plain and simple English. So, let’s dive right in and get your website back on […]...
  3. Password Cracking – All About You Need To Know Passwords are the most widely used form of authentication throughout the world. A username and password are used on computer systems, bank accounts, ATMs, and more. The ability to crack passwords is an essential skill to both the hacker and the forensic investigator, the latter needing to hack passwords for accessing the suspect’s system, hard […]...
  4. Parameter Delimiter Attack This attack is based on the manipulation of parameter delimiters used by web application input vectors in order to cause unexpected behaviors like access control and authorization bypass and information disclosure, among others. Risk Factors TBD Examples In order to illustrate this vulnerability, we will use a vulnerability found on Poster V2, a posting system […]...
  5. Credential Stuffing Attacks Credential stuffing is the automated injection of stolen username and password pairs (“credentials”) in to website login forms, in order to fraudulently gain access to user accounts. Since many users will re-use the same password and username/email, when those credentials are exposed (by a database breach or phishing attack, for example) submitting those sets of […]...
  6. Clickjacking and UI Redress Attack Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is “hijacking” clicks meant for their page and routing […]...
  7. Multi-Factor Authentication (MFA) Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint. A second form of authentication can help prevent unauthorized […]...
  8. How to Recover a Lost Password in WordPress: Simple Step-by-Step Guide In the world of website management, it’s not uncommon to forget a password, especially if you manage multiple WordPress sites. When this happens, don’t panic! There are simple steps you can take to recover your lost password and regain access to your WordPress website. In this step-by-step guide, we’ll walk you through the process of […]...
  9. Denial of Service (DoS) Attack The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of […]...
  10. Single Sign-on (SSO) Single sign-on (SSO) is an authentication solution that allows users to log in to multiple applications and websites with one-time user authentication. Given that users today frequently access applications directly from their browsers, organizations are prioritizing access management strategies that improve both security and the user experience. SSO delivers both aspects, as users can access […]...

To Get Daily Health Newsletter

We don’t spam! Read our privacy policy for more info.

Terms and Conditions of Use
Privacy Policy
Cookie Policy
Editorial Policy
Advertising Policy
EU User Consent Policy
Correction Policy
Citation Policy
Ethics and Logical Policies
About Us
Contact Us
Newsletter
Career
Sitemap
Advertise with us
Editorial Board Members
Review Board Member
Team RxHarun
Web Developers Team
Guest Posts and Sponsored Posts
Request for Board Member
Women Writers
Download Mobile Apps
Follow us on Social Media
© 2012 - 2025; All rights reserved by authors. Powered by Mediarx International LTD, a subsidiary company of Rx Foundation.
RxHarun
Logo