Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > ms exchange server security

Reply
Thread Tools

ms exchange server security

 
 
BFM
Guest
Posts: n/a
 
      06-29-2005
Just wondering how hard it would be to crack an exhange server email account
if I already have the username and only had to crack the password.(?)


 
Reply With Quote
 
 
 
 
Michael J. Pelletier
Guest
Posts: n/a
 
      06-29-2005
BFM wrote:

> Just wondering how hard it would be to crack an exhange server email
> account if I already have the username and only had to crack the
> password.(?)


Certainly having the usernames is helpful...

Depends upon a couple of things

1) What is the password policy? How strong is it?
example: Is it required that passwords have uppercase and numbers?
2) How long is the aging policy? 30 days? 60, 90 days? Never?
3) Do I have access from the "outside" World (ie Internet access) in the
case where you allow authenticated email forwarding.

-Michael
 
Reply With Quote
 
 
 
 
Winged
Guest
Posts: n/a
 
      06-30-2005
BFM wrote:
> Just wondering how hard it would be to crack an exhange server email account
> if I already have the username and only had to crack the password.(?)
>
>

If you don't have access to the server system files and a complex
password was used and you have big pipes and only 1 computer you should
be able to crack it in about 100,000 years or so. If the admins put a 3
missed trys on the password before it locks the account, it may take
somewhat longer. If complex password enforcement is not in place and
the administrators are complete idiots and did not set a max number of
tries before it locks the account...it is an indeterminable variable.

Bear in mind trying to brute force the account should ring off alarm
bells everywhere if even minimal security monitors are in place. A
decent network will lock you safely away from the server at the firewall
if you try cracking too hard. If there is any possibility that the
system is at all sensitive and business or governmental in nature, you
should be safely in jail long before you access the account.

There are far better ways to access exchange servers with much higher
probabilities of success.

Winged
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MCSE 2003 w/Exchange or MCITP 2008 w/Exchange Juan MCITP 3 06-19-2009 07:29 PM
Cannot send mail from Exchange 2007 mailbox to Exchange 2003 mailb =?Utf-8?B?am9zdWU=?= MCSE 3 08-15-2007 12:02 PM
Exchange Links < Western Cartoon Cards > Exchange Links www.westerncartooncards.ca HTML 2 07-12-2004 07:59 PM
Exchange 5.5 with Exchange 2000 Cluster problem Jose Luis Microsoft Certification 0 02-13-2004 10:23 AM
help: My exchange lost M: and exchange can not start winman MCSE 9 07-30-2003 04:34 PM



Advertisments