You are browsing the archive for Username.

How to Hack Usernames and Passwords

May 15, 2012 in Videos

The method that used is, an ARP poisoning, but with iptables enabled from the etter.conf file. This will create a fake security certificate based off of a real one. When the victim machine types in username and password information, it is captured by ettercap with no encryption. Even though the victim is at a secure site or secure login, it does not matter.
View Source

Apache CXF Username Token Broken Validation

February 8, 2012 in Files

Apache CXF versions 2.4.5 and 2.5.1 fail to validate a WS-Security UsernameToken received as part of the security header of a SOAP request against a WS-SP UsernameToken policy. CXF does not validate a WS-Security UsernameToken received as part of the security header of a SOAP request against a WS-SP UsernameToken policy.

A malicious client could send a request to the endpoint with no UsernameToken, and the UsernameToken policy requirement would still be marked as valid.
View Source