Bad passwords can have catastrophic consequences. That's because passwords play a key role in enterprise security, protecting assets (including email systems, databases and many other types of servers) from unauthorized users (including malicious hackers).
A bad password has one of the following three characteristics:
- It can easily be guessed
- It is likely to appear in a wordlist
- It can be bruteforced in a reasonable amount of time
- All three of these possibilities need a little further explanation.
Medusa is described as a "speedy, massively parallel, modular, login brute-forcer" with modules available to support almost any service that allows remote authentication using a password, including: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, POP3, PostgreSQL, SMTP-AUTH, Telnet and VNC. Medusa has been designed to run faster than Hydra by using thread-based (rather than Hydra's process-based) parallel testing to attempt to log in to multiple hosts or users concurrently.