Brute force is a trial-and-error method of attack used to obtain sensitive information such as a user's password or PIN. In a brute force attack, automated software generates candidate values using permutations and combinations, and the process continues until the barrier is broken. Criminals use brute force attacks to crack encrypted data, and security analysts use the same method to test network security. The attack is also known as brute force cracking or simply brute force.
If a server is configured to use basic authentication or Integrated Windows authentication, it is vulnerable to a brute force attack on the password of the local machine admin account. A server running Windows IIS has a default page, localstart.asp. If authentication is done by Integrated Windows authentication, the page is vulnerable to a brute force attack. The default username for localstart.asp is “administrator”, and the attacker can use a brute force attack to guess the password.
Microsoft’s IIS server has a default page, “localstart.asp”. This page is protected by NTLM authentication by default. An attacker can use a brute force attack to obtain the authentication credentials. A successful attack gives the attacker admin access.
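The following is an added example, not part of the original page: one way a defender could spot this password-guessing pattern against localstart.asp in IIS W3C logs. It assumes the log records the fields named in the header line and that failed logons appear as status 401 with sc-win32-status 1326 (ERROR_LOGON_FAILURE); the function name, thresholds and sample log lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended log format (documentation IPs, not real traffic).
_HDR = "#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status"
SAMPLE_LOG = "\n".join(
    [_HDR,
     # One mistyped password, then a normal NTLM handshake (401.2, 401.1, 200).
     "2024-01-01 09:58:30 GET /localstart.asp - 198.51.100.20 401 1 1326",
     "2024-01-01 09:59:00 GET /localstart.asp - 198.51.100.20 401 2 5",
     "2024-01-01 09:59:00 GET /localstart.asp - 198.51.100.20 401 1 2148074254",
     "2024-01-01 09:59:01 GET /localstart.asp LAB\\alice 198.51.100.20 200 0 0"]
    # Eight failed logons, two seconds apart, from one client.
    + [f"2024-01-01 10:00:{2 * i:02d} GET /localstart.asp - 203.0.113.7 401 1 1326"
       for i in range(8)]
)

LOGON_FAILURE = "1326"  # Win32 ERROR_LOGON_FAILURE: bad user name or password


def find_bruteforce(log_text, target="/localstart.asp", threshold=5,
                    window=timedelta(seconds=60)):
    """Return {client_ip: peak failed-logon count} for clients with at least
    `threshold` failed logons to `target` inside a sliding `window`."""
    fields, recent, flagged = [], defaultdict(deque), {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order comes from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != target:
            continue
        # Count only real credential failures; the 401s that every NTLM
        # handshake produces carry a different sc-win32-status.
        if (row.get("sc-status"), row.get("sc-win32-status")) != ("401", LOGON_FAILURE):
            continue
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        hits = recent[row["c-ip"]]
        hits.append(ts)
        while ts - hits[0] > window:           # drop failures older than the window
            hits.popleft()
        if len(hits) >= threshold:
            flagged[row["c-ip"]] = max(flagged.get(row["c-ip"], 0), len(hits))
    return flagged


if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```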
Using this vulnerability, an attacker can:-
Beagle recommends the following impacts:-