Password spraying attack: few passwords for many users

Password spraying is a technique used by an attacker to obtain valid access credentials. It consists of trying the same commonly used password on different user accounts and then trying another password.
Brute force attacks are one of the techniques used by attackers to obtain the credentials of legitimate users in order to carry out fraudulent actions. A typical brute force attack can range from trying many passwords on a username to using other techniques such as “credential stuffing” or “password spraying”. In all cases, the objective is the same: to obtain valid access credentials for legitimate services. In this article, we explain what the technique known as password spraying consists of.

What is password spraying?

Unlike the typical attack in which a large number of passwords are tested on the same account, in a password spraying attack the attacker obtains accounts from different users and tries to access one or more services with a small number of passwords.

How does a password spraying attack work?
Using open-source tools or legitimate websites, an attacker tries to obtain several user account names, such as email accounts. The attacker also generates a small list of passwords (in some cases, only one) and tries each password on all the accounts obtained. In general, these passwords are the ones that are most commonly used. This list can be created manually, or one that already exists on the Internet can be used. Once the attacker has the list of user accounts and passwords, the operation is as follows:

Get a password
Get the entire list of user accounts
Test if the password is valid on any account
Repeat the process

Nowadays, many systems implement a security measure known as account lockout, which means that after a certain number of unsuccessful login attempts (this can be three or more attempts) the person’s account is locked. If this security measure is activated on a web application, an operating system, etc., the typical brute force attack may be of little use, as the chances of locking the user’s account are high. However, password spraying can avoid this: with a large number of users, the attempts made on the same account can be spaced out in such a way that no account is locked, and the attacker can continue trying more passwords.
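
Because account lockout counts failures per account, spraying is easier to spot by counting failures per source across accounts. The following detection sketch is an added example, not part of the original article; the log format, thresholds, usernames and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T09:00:00 203.0.113.9 alice FAIL
2024-05-01T09:00:05 203.0.113.9 bob FAIL
2024-05-01T09:00:10 203.0.113.9 carol FAIL
2024-05-01T09:00:15 203.0.113.9 dave FAIL
2024-05-01T09:00:20 203.0.113.9 erin FAIL
2024-05-01T09:40:00 203.0.113.9 alice FAIL
2024-05-01T09:40:05 203.0.113.9 bob FAIL
2024-05-01T09:01:00 198.51.100.4 frank FAIL
2024-05-01T09:01:03 198.51.100.4 frank FAIL
2024-05-01T09:01:06 198.51.100.4 frank FAIL
2024-05-01T09:02:00 192.0.2.20 alice FAIL
2024-05-01T09:02:30 192.0.2.20 alice OK
"""

def parse_failures(log):
    """Return {source_ip: [(time, user), ...]} for failed logins, sorted by time."""
    by_source = defaultdict(list)
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        if result == "FAIL":
            by_source[ip].append((datetime.fromisoformat(ts), user))
    for attempts in by_source.values():
        attempts.sort()
    return by_source

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5):
    """Flag sources whose failures hit >= min_accounts distinct users in one window."""
    findings = {}
    for ip, attempts in parse_failures(log).items():
        start, counts = 0, Counter()
        for ts, user in attempts:
            counts[user] += 1
            while ts - attempts[start][0] > window:  # slide the window forward
                old = attempts[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = findings.get(ip)
            if len(counts) >= min_accounts and (best is None or len(counts) > len(best["accounts"])):
                findings[ip] = {"accounts": sorted(counts), "max_per_account": max(counts.values())}
    return findings
```

On the sample, only the source that failed against five different accounts is flagged, with at most one failure per account in the window, so a per-account lockout of three attempts would never have triggered. The repeated failures on a single account from another source are left to the lockout control.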
