Danny Mallory wrote:
> Because of typical password lockout policies, shouldn't plugin
> mssql_brute_force.nasl be classified as dangerous?
>
> This script locked out a bunch of our MS SQL server SA accounts.
>
There are at most 5 tests for the same account (sa). At some point we can't stop those kinds of "side effects". The script family could have been "dangerous" if we tested more than 10 passwords per account, which is not the case.

It is the same thing for Windows credentials. We can test up to 13 accounts/password depending on how Nessus is configured. If the policy is too restrictive we may lock out some accounts.

Nicolas
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
