ms exchange server security

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Just wondering how hard it would be to crack an exhange server email account
if I already have the username and only had to crack the password.(?)

Re: ms exchange server security

BFM wrote:

Quoted text here. Click to load it

Certainly having the usernames is helpful...

Depends upon a couple of things

1) What is the password policy? How strong is it?
        example: Is it required that passwords have uppercase and numbers?
2) How long is the aging policy? 30 days? 60, 90 days? Never?
3) Do I have access from the "outside" World (ie Internet access) in the
case where you allow authenticated email forwarding.


Re: ms exchange server security

BFM wrote:
Quoted text here. Click to load it
If you don't have access to the server system files and a complex
password was used and you have big pipes and only 1 computer  you should
be able to crack it in about 100,000 years or so.  If the admins put a 3
missed trys on the password before it locks the account, it may take
somewhat longer.  If complex password enforcement is not in place and
the administrators are complete idiots and did not set a max number of
tries before it locks the is an indeterminable variable.

Bear in mind trying to brute force the account should ring off alarm
bells everywhere if even minimal security monitors are in place.  A
decent network will lock you safely away from the server at the firewall
if you try cracking too hard.  If there is any possibility that the
system is at all sensitive and business or governmental in nature, you
should be safely in jail long before you access the account.

There are far better ways to access exchange servers with much higher
probabilities of success.


Site Timeline