RE: Password Auditing

From: Brungardt, Jill (Jill.Brungardt@CommerceBank.com)
Date: Fri May 04 2007 - 15:11:43 EDT

• Next message: Andy Cuff: "RE: Winning Hearts and Minds"
• Previous message: Beauchamp, Brian: "RE: Password Auditing"
• Maybe in reply to: Mike Gibson: "Password Auditing"
• Next in thread: John Babio: "RE: Password Auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

John The Ripper is good, and free, for identifying weak passwords on the
platforms listed-but it doesn't 'remotely fetch the local password
database'.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Mike Gibson
Sent: Friday, May 04, 2007 12:50 PM
To: pen-test@securityfocus.com
Subject: Password Auditing

Can anyone recommend a good password auditing tool. Basically I want to
identify weak passwords on my servers (Windows, Linux, Unix). Ideally
this would be done by a tool that could remotely fetch the local
password database and then attempt to brute force the passwords and
prepare a report in a central location.

Any suggestions?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

*****************************************************************************
If you wish to communicate securely with Commerce Bank and its
affiliates, you must log into your account under Online Services at
http://www.commercebank.com or use the Commerce Bank Secure
Email Message Center at https://securemail.commercebank.com

NOTICE: This electronic mail message and any attached files are
confidential. The information is exclusively for the use of the
individual or entity intended as the recipient. If you are not
the intended recipient, any use, copying, printing, reviewing,
retention, disclosure, distribution or forwarding of the message
or any attached file is not authorized and is strictly prohibited.
If you have received this electronic mail message in error, please
advise the sender by reply electronic mail immediately and
permanently delete the original transmission, any attachments
and any copies of this message from your computer system.
*****************************************************************************

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: Andy Cuff: "RE: Winning Hearts and Minds"
• Previous message: Beauchamp, Brian: "RE: Password Auditing"
• Maybe in reply to: Mike Gibson: "Password Auditing"
• Next in thread: John Babio: "RE: Password Auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT