Flangvik/TeamFiltration

Repeat spraying if Account is locked

Closed this issue · 2 comments

p0w1 commented

If a username-password combo is tested with the result LOCKED, it is stored as an attempt in the database. However, it should not be stored, because the password was not actually tested. It should be repeated in another run.

Yes, this is correct. However, the issue is that many times (more often than not, in my experience) Azure Smart Lockout will falsely report the accounts as locked because it has detected that the tenant is under a spraying attack when, in fact, they are not. In those cases, when a valid password is provided, it will show as "password valid" and not locked. Hopefully, that makes sense. I'm going to add an option for this, so people can choose the kind of behavior they prefer.

p0w1 commented

Okay, I didn't know that. Good news for spraying!