thc-hydra icon indicating copy to clipboard operation
thc-hydra copied to clipboard

Published 20 hours ago verified publisher icon vanhauser-thc

fix smb password expired vs account expired confusion

Open tothi opened this issue 7 months ago • 4 comments

  • If SMB password is MUST_CHANGE or EXPIRED, it is still valid, it is possible to change it remotely, so it should be returned as valid.
  • If the account is EXPIRED, it is no longer usable, even if the password is ok. It should be returned as invalid.

Testing is in this thread: https://twitter.com/an0n_r0/status/1731109539204710416

Originally Hydra returned valid if the account was expired but invalid if the password was expired. It is wrong, it should be exactly the opposite: valid if password was expired, but invalid if account was expired.

tothi avatar Dec 05 '23 00:12 tothi