How to verify Account Brute Force Possible Through IIS Printers Directory Authentication Interface

Qualys scanning found a vulnerability, “Account Brute Force Possible Through IIS Printers Directory Authentication Interface”, as below. I need to do black box testing to verify this vulnerability. If anybody would be willing to help, it would be greatly appreciated! THREAT: A “printers/” directory has been found active on your Microsoft IIS Server and is…

Account Brute Force Possible Through IIS Printers Directory Authentication Interface

Qualys scanning found a vulnerability, “Account Brute Force Possible Through IIS Printers Directory Authentication Interface”, as below. I need to do black box testing to verify this vulnerability. If anybody would be willing to help, it would be greatly appreciated! THREAT: A “printers/” directory has been found active on your Microsoft IIS Server and is…

What is an Account lockout Threshold

This policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until it is reset by an administrator or until the number of minutes specified by the Account lockout duration policy setting expires. You can set a value from 1…

Account Brute Force Possible Through IIS NTLM Authentication Scheme

What is IIS NTLM Authentication Scheme? Authentication is the process of identifying whether a client is eligible to access a resource. The HTTP protocol supports authentication as a means of negotiating access to a secure resource. NT LAN Manager (NTLM) authentication is a challenge-response scheme that is a more secure variation of Digest authentication. NTLM uses…

How to verify “Account Brute Force Possible Through IIS localstart.asp Authentication Interface” vulnerability?

Qualys scanning found a vulnerability, “Account Brute Force Possible Through IIS localstart.asp Authentication Interface”, as below. I need to do black box testing to verify this vulnerability. If anybody would be willing to help, it would be greatly appreciated! THREAT: The file “localstart.asp” is part of the default Microsoft IIS install. By default it is password…

Configuring Anonymous FTP Authentication (IIS 6.0)

You can configure your FTP server to allow anonymous access to FTP resources. If you select Anonymous FTP authentication for a resource, all requests for that resource are accepted without prompting the user for a user name or password. This is possible because IIS automatically creates a Windows user account called IUSR_computername, where computername is…

7-Zip gets an update to fix major security vulnerabilities

Security researchers from Talos have written a bunch of fancy words on their blog here, which basically say 7-Zip has a couple of serious security flaws. Everyone’s up in arms about it, too. There are two major security flaws found in the program, one which allows hackers to remotely execute code (basically run programs from…

What is a vulnerability?

Dictionary.com has several meanings for the word vulnerable, but when it comes to the computer world the meaning of a vulnerability is no different. To define a vulnerability simply means a computer network or application is open to attack. There is an existing weakness, whether it is in the computer itself or procedures…