Contributors
Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security ) [Project Leader]

The Web Hacking Incidents Database
Last update:07 November 2007

List of incidents of class Brute Force

Other WASC threat classifications:
Abuse of Functionality, Brute Force, Content Spoofing, Credential/Session Prediction, Cross-site Scripting, Defacement, Denial of Service, Directory Indexing, HTTP Response Splitting, Information Leakage, Insufficient Anti-automation, Insufficient Authentication, Insufficient Authorization, Insufficient Process Validation, Insufficient Session Expiration, Known Vulnerabity, Misconfiguration, OS Commanding, Other, Path Traversal, Phishing, Predictable Resource Location, Redirection, SQL Injection, Unknown, Weak Password Recovery Validation, Worm

There are 1 incidents of class Brute Force
WHID 2003-2: UT Austin hack yields personal info on thousands
Date: 06 March 2003
Incident Type: Security Breach
WASC Threat Classification: Brute Force

While an old incident, further research into it suggest that it was a web hack. While the initial reports talk about a database break in, a report in the Register identify the database as txClass, which is a web based system. 55,200 social security numbers where stolen, though the hacker claimed that he did not perform the act for profit. He was caught and sentenced to 5 years probation.

References:



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
© Copyright 2005, Web Application Security Consortium. All rights reserved.