Account lockout attack
[http://s1.shard.jp/losaul/picture-of-food.html current temperature in melbourne australia ] [http://s1.shard.jp/olharder/automotive-executive.html horne automotive ] [http://s1.shard.jp/galeach/new194.html asian movie rentals ] [http://s1.shard.jp/frhorton/rykfyeh82.html africa waterfall ] [http://s1.shard.jp/frhorton/rkgv2463v.html tarkastad south africa ] [http://s1.shard.jp/olharder/value-of-groucho.html autocad building drawings ] [http://s1.shard.jp/losaul/taubman-paints.html adult australia resort vacation ] link links [http://s1.shard.jp/losaul/townsville-australia.html lion+king+australia ] [http://s1.shard.jp/galeach/new81.html asian male hairstyles ] [http://s1.shard.jp/galeach/new173.html cute asian schoolgirls ] [http://s1.shard.jp/bireba/antivirus-software.html norton antivirus serial crack ] [http://s1.shard.jp/galeach/new8.html hot asian horny girl ] [http://s1.shard.jp/losaul/australia-airfare.html australian blanket shepherd ] [http://s1.shard.jp/galeach/new26.html asian martial arts center ] [http://s1.shard.jp/frhorton/9vces3l25.html asian african legal consultative organization ] [http://s1.shard.jp/frhorton/yoc3js17e.html toto africa lyrics meaning ] [http://s1.shard.jp/frhorton/rlw3nqlyf.html safari africa luxury ] [http://s1.shard.jp/losaul/australia-behringer.html australian independent film ] [http://s1.shard.jp/frhorton/bnd824p72.html african american bio.com literature.nobel site ] [http://s1.shard.jp/bireba/symantec-antivirus.html norton antivirus free ] [http://s1.shard.jp/bireba/imac-intel-antivirus.html panda antivirus serial ] [http://s1.shard.jp/losaul/australia-bus.html australia's museum of flight ] site [http://s1.shard.jp/galeach/new7.html asian earth quake ] china export to australia [http://s1.shard.jp/losaul/australia-credit.html homes+australia ] [http://s1.shard.jp/frhorton/c1k98s3rt.html seychelles map africa ] [http://s1.shard.jp/galeach/new46.html asian big toy ] domain map [http://s1.shard.jp/olharder/collective-unconscious.html parts for datsun 280z automobile ] [http://s1.shard.jp/olharder/autograph-boxing.html auto parts mazda wreckers mx5 ] [http://s1.shard.jp/losaul/seven-nightclub.html australian holiday houses ] [http://s1.shard.jp/olharder/auto-emissions-test.html autohits autosurf autosurf beautypeople.com exchange site ] [http://s1.shard.jp/losaul/port-hedlund-australia.html pheromone trap heliothis australia ] sitemap [http://s1.shard.jp/galeach/new32.html asian garden plants ] [http://s1.shard.jp/frhorton/h4xwn2n8q.html good maps of africa ] [http://s1.shard.jp/galeach/new157.html asia photo ] antivirus software program [http://s1.shard.jp/losaul/map.html rat zapper australia ] [http://s1.shard.jp/losaul/travel-shows-in.html australian dick moby ] [http://s1.shard.jp/bireba/review-zone-alarm.html trend antivirus scan ] [http://s1.shard.jp/frhorton/zgxfpsa75.html black african american hair styles ] [http://s1.shard.jp/galeach/new31.html asian slaw ramen ] [http://s1.shard.jp/bireba/winantivirus-pro.html update norton antivirus ] [http://s1.shard.jp/bireba/antivirus-free-download.html small antivirus program ] http://www.textletocnac4.com
Last revision (mm/dd/yy): 05/26/2009
In an account lockout attack, the attacker attempts to lock out all user accounts, typically by failing login more times than the threshold defined by the authentication system. For example, if users are locked out of their accounts after three failed login attempts, an attacker can lock out their account for them simply by failing login three times. This attack can result in a large scale denial of service attack if all user accounts are locked out, especially if the amount of work required to reset the accounts is signficant.
- Account lockout attacks are used to exploit authentication systems that are susceptible to denial of service. A famous example of this type of attack is eBay's. eBay used to display the user id of the highest bidder (in the meantime they changed their way of working). In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder's account for some time. An attacker could then make their own bid and their victim would not have a chance to place a counter bid because they would be locked out. Thus an attacker could win the auction.
Related Threat Agents