by mananaysiempre
747 days ago

> I have seen experienced sysadmins create the test user with the password of "test" on a live server on port 22 because they were having an "autopilot moment".

pam_pwnd[1], testing passwords against the Pwned Passwords database, is a(n unfortunately abandoned but credibly feature complete) thing. (It uses the HTTP service, though, not a local dump.)

[1] https://github.com/skx/pam_pwnd

If the password has decent entropy, it won't be in the top 1000 of the leaks, so not used in blind brute force like this.