What is SRP: The Secure Remote Password protocol (SRP) is an augmented password-authenticated key exchange (PAKE) protocol, specifically designed to work around existing patents.[1]
Like all PAKE protocols, an eavesdropper or man in the middle cannot obtain enough information to be able to brute-force guess a password or apply a dictionary attack without further interactions with the parties for each guess. Furthermore, being an augmented PAKE protocol, the server does not store password-equivalent data.[2] This means that an attacker who steals the server data cannot masquerade as the client unless they first perform a brute force search for the password.
Q: The target URL's authentication method is SRP (Secure Remote Password) protocol which prevents the password from ever leaving the client. This does not look like something that is easily accomplished via curl as it would require integrating encryption utilities/libraries.
I would greatly appreciate it if someone could let me know how zabbix can monitor this type(SRP) of URL.
Thank you,
Like all PAKE protocols, an eavesdropper or man in the middle cannot obtain enough information to be able to brute-force guess a password or apply a dictionary attack without further interactions with the parties for each guess. Furthermore, being an augmented PAKE protocol, the server does not store password-equivalent data.[2] This means that an attacker who steals the server data cannot masquerade as the client unless they first perform a brute force search for the password.
Q: The target URL's authentication method is SRP (Secure Remote Password) protocol which prevents the password from ever leaving the client. This does not look like something that is easily accomplished via curl as it would require integrating encryption utilities/libraries.
I would greatly appreciate it if someone could let me know how zabbix can monitor this type(SRP) of URL.
Thank you,
Comment