Difference between revisions of "Account lockout attack"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)

Revision as of 21:13, 30 May 2009


This is an Attack. To view all attacks, please see the Attack Category page.



Last revision (mm/dd/yy): 05/30/2009

Description

In an account lockout attack, the attacker attempts to lock out all user accounts, typically by failing login more times than the threshold defined by the authentication system. For example, if users are locked out of their accounts after three failed login attempts, an attacker can lock a user out of their account simply by failing login three times as that user. This attack can result in a large-scale denial of service if all user accounts are locked out, especially if the amount of work required to reset the accounts is significant.

Risk Factors

TBD

Examples

eBay attack

Account lockout attacks are used to exploit authentication systems that are susceptible to denial of service. A famous example of this type of attack is the one against eBay. eBay used to display the user ID of the highest bidder (it has since changed this). In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect login attempts, eBay's password throttling would kick in and lock out the highest bidder's account for some time. An attacker could then make their own bid, and the victim would not have a chance to place a counter-bid because they would be locked out. Thus an attacker could win the auction.
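The three-failure threshold from the Description and the eBay scenario above can be reproduced in a small simulation. This is an added example, not part of the original OWASP page: the class, the account name, the 900-second lock duration and the documentation-range IP addresses are all constructed. It shows why a counter keyed only on the account denies service to its owner, beside the same counter keyed on account and source.

```python
import collections

THRESHOLD = 3        # failed attempts before lockout, as in the page's example
LOCK_SECONDS = 900   # assumed duration; the page says only "for some time"

class LockoutPolicy:
    """Failed-login throttle. per_source=False counts failures per account
    (the design the page describes); per_source=True counts them per
    (account, source) pair."""

    def __init__(self, passwords, per_source):
        self.passwords = passwords          # plaintext only to keep the demo short
        self.per_source = per_source
        self.failures = collections.Counter()
        self.locked_until = {}

    def _key(self, user, source):
        return (user, source) if self.per_source else (user, None)

    def login(self, user, password, source, now):
        key = self._key(user, source)
        if self.locked_until.get(key, 0) > now:
            return "locked"                 # refused even with the right password
        if self.passwords.get(user) == password:
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] += 1
        if self.failures[key] >= THRESHOLD:
            self.locked_until[key] = now + LOCK_SECONDS
            self.failures.pop(key, None)
        return "denied"

def simulate(per_source):
    """Three wrong guesses from one source, then the owner logs in from another."""
    policy = LockoutPolicy({"top_bidder": "correct horse"}, per_source)
    guesses = [policy.login("top_bidder", "wrong", "198.51.100.7", now=t)
               for t in range(THRESHOLD)]
    owner = policy.login("top_bidder", "correct horse", "203.0.113.20", now=10)
    return guesses, owner

if __name__ == "__main__":
    print("per-account counter:", simulate(per_source=False))
    print("per-source counter: ", simulate(per_source=True))
```

Per-source counting removes the lockout denial of service but weakens protection against guessing spread across many sources, so it is normally paired with a separate limit on total failures per account that slows attempts rather than refusing the owner outright.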

Related Threat Agents

Related Attacks

Related Vulnerabilities

TBD

Related Controls

References

TBD