How does BreachBits identify File Transfer Protocol (FTP) Brute Force Authentication threats? During port scanning in the host enumeration phase of a BreachRisk assessment, an FTP Brute Force Authentication vector is detected when a port commonly used for FTP services (usually 21) is exposed to the public and the data returned by the scan matches what is typical for an exposed FTP service.
How does BreachBits verify File Transfer Protocol (FTP) Brute Force Authentication threats? For BreachBits customers with an active subscription, during the threat validation phase of a BreachRisk assessment, the BreachRisk Platform attempts to authenticate to the exposed FTP service with a randomly generated username and password combination. If the exposed service responds to the authentication request with an error code commonly returned for invalid credentials, the threat is marked as verified.
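The identification and verification logic described above can be illustrated offline against recorded control-channel text. This is an added example, not BreachBits code: the function names are hypothetical, and the reply codes it keys on (220 greeting, 331 password requested, 530 not logged in, from RFC 959) are assumptions about what "typical for an exposed FTP service" and "an error code common for invalid credentials" mean in practice.

```python
import re

# RFC 959 reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(raw):
    """Split raw control-channel text into (code, text) replies, joining multi-line ones."""
    replies, pending, buf = [], None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if pending is None:
            if not m:
                continue  # not an FTP reply line (e.g. another protocol's banner)
            code, sep, text = m.groups()
            if sep == " ":
                replies.append((int(code), text))
            else:
                pending, buf = code, [text]
        else:
            same_code = bool(m) and m.group(1) == pending
            buf.append(m.group(3) if same_code else line)
            if same_code and m.group(2) == " ":  # closing line of the multi-line reply
                replies.append((int(pending), "\n".join(buf)))
                pending = None
    return replies

def assess(banner, login_reply=""):
    """Return 'not-detected', 'detected' or 'verified' for one exposed port."""
    greeting = parse_replies(banner)
    if not greeting or greeting[0][0] != 220:  # 220 = service ready
        return "not-detected"
    codes = [code for code, _ in parse_replies(login_reply)]
    # Assumption: "verified" needs 331 (password requested) followed by 530 (not logged in),
    # so a bare 530 such as a TLS-only refusal does not count as a password check.
    if 331 in codes and 530 in codes[codes.index(331) + 1:]:
        return "verified"
    return "detected"

# Constructed samples, not captured from any real host.
BANNER_MULTI = "220-Welcome to example FTP\r\n220-Authorized use only\r\n220 Service ready\r\n"
SSH_BANNER = "SSH-2.0-OpenSSH_9.6\r\n"
LOGIN_REJECTED = "331 Password required for qzv81k\r\n530 Login incorrect.\r\n"
LOGIN_TLS_ONLY = "530 Non-anonymous sessions must use encryption.\r\n"

if __name__ == "__main__":
    for name, args in [("multi-line banner", (BANNER_MULTI,)),
                       ("ssh on port 21", (SSH_BANNER, LOGIN_REJECTED)),
                       ("rejected login", (BANNER_MULTI, LOGIN_REJECTED)),
                       ("tls-only refusal", (BANNER_MULTI, LOGIN_TLS_ONLY))]:
        print(name, "->", assess(*args))
```

A port 21 listener that answers with a non-FTP banner stays "not-detected", which is why the banner match matters as much as the port number.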
How does BreachBits test File Transfer Protocol (FTP) Brute Force Authentication threats? During the penetration testing phase of a BreachRisk assessment, the BreachRisk Platform attempts to authenticate to the exposed FTP service using exposed username and password combinations discovered for the organization on the Dark Web and/or common or default username/password combinations for the detected FTP server type.