Bugtraq mailing list archives
Re: ISS Internet Scanner Brute Force Bug
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Thu, 18 Feb 1999 17:26:49 -0500
At 11:54 PM 2/17/99 PST, alexander tampermeier wrote:
The Internet Scanner lets you brute force by using username/password pairs specified in the file default.login. I specified a known username/password pair but the scanner could not login. The reason is that the Internet Scanner needs a carriage return after the last username/password pair. If it finds just an EOF marker then the password gets modified by adding an additional character. For example the password test is modified to testo.
I believe I fixed this several revisions ago. Although this may be _BUG_TRAQ, the best place to report bugs in the scanner is to support () iss net. I'd suggest that you use vi, notepad, or some reasonable text editor in the meantime. Just what text editor are you using? In fact, I know I fixed this quite a while back, because I remember clearly having to use VC++'s editor in binary mode to be able to produce a file which would cause this problem. If you're running a recent version of the scanner, please report which version to support () iss net, and I'm sure we'll get it fixed. David LeBlanc dleblanc () mindspring com
Current thread:
- ISS Internet Scanner Brute Force Bug alexander tampermeier (Feb 17)
- Re: ISS Internet Scanner Brute Force Bug David LeBlanc (Feb 18)
- ISS forum Christopher Klaus (Feb 18)
- L0pht Security Advisory: Windows NT Dildog (Feb 18)
- <Possible follow-ups>
- Re: ISS Internet Scanner Brute Force Bug David LeBlanc (Feb 19)