From: pagvac (unknown.pentester@gmail.com)
Date: Tue Mar 07 2006 - 16:42:35 EST
On 3/7/06, 3 shool <3shool@gmail.com> wrote:
> > Also use common sense password guessing. i.e.:
> >
> > cognos/cognos
>
> This one seems to be working. When I give the above credentials the
> system takes me in but then gives the following error:
>
> You are not permitted to access the application at this time.
>
> CAM-AAA-0096 Unable to authenticate because the account can not be accessed.
I can think of 2 possibilities in this scenario:
- there is a policy enabled which restricts what time you can access
the application. Have you tried the valid credentials at a different
time?
- the default credentials are enabled from factory *but* the admin disabled them
After googling "CAM-AAA-0096" I found a post that seems to support the
2nd possibility (as I said, research *is* the key):
I'm sorry I can't help you any further, but it's a bit hard if I can't
actually test the application myself.
Maybe other testers from this forum have any thoughts on this?
All the best,
pagvac
>
> I tried the other combinations that you listed but only cognos/cognos
> is going in.
>
> May be the user is blocked by the application?
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:38 EDT