A Brute Force attack is an automated process of trial and error used
to guess a person's username, password, credit-card number or
Many systems will allow the use of weak passwords or cryptographic
keys, and users will often choose easy to guess passwords, possibly
found in a dictionary. Given this scenario, an attacker would cycle
though the dictionary word by word, generating thousands or
potentially millions of incorrect guesses searching for the valid
password. When a guessed password allows access to the system,
the brute force attack has been successful and the attacker is able
access the account.
The same trial and error technique is also applicable to guessing
encryption keys. When a web site uses a weak or small key size, its
possible for an attacker to guess a correct key by testing all possible
Essentially there are two types of brute force attacks, (normal) brute
force and reverse brute force. A normal brute force attack uses a
single username against many passwords. A reverse brute force
attack uses many usernames against one password. In systems with
millions of user accounts, the odds of multiple users having the same
password dramatically increases. While brute force techniques are
highly popular and often successful, they can take hours, weeks or
years to complete.
Username = Jon
Passwords = smith, michael-jordan, [pet names], [birthdays], [car
Usernames = Jon, Dan, Ed, Sara, Barbara, .....
Password = 12345678
"Brute Force Attack", Imperva Glossary
"iDefense: Brute-Force Exploitation of Web Application Session ID's",
By David Endler - iDEFENSE Labs
To receive your Free Application
Vulnerability Assessment for testing of one attack vulnerability of your choice, please submit your payment of $99.00 for a second Brute Force attack vulnerability test.