I have tested a user validation hash attack against a 5.6.3.2 instance by logging in with different accounts and comparing the ccmUserHash against previous ccmUserHash.
We had an approximate 8% collision rate against 136,000 logins in a successive login attack. Our "Real World" data suggest a .009% collision dating back to early December.
I have tested a user validation hash attack against a 5.6.3.2 instance by logging in with different accounts and comparing the ccmUserHash against previous ccmUserHash.
We had an approximate 8% collision rate against 136,000 logins in a successive login attack. Our "Real World" data suggest a .009% collision dating back to early December.