A Brute Force password attack is a method of accessing a secured device or application by attempting multiple combinations of accepted character sets of usernames and\or passwords, using guessing tools and scripts, in order to try all the combinations of well-known usernames and passwords.
A Brute Force Attack primarily consists of an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response. Brute force attacks are often used for attacking authentication and discovering hidden content/pages within a web application. Regarding authentication, brute force attacks are often mounted when an account lockout policy is not in place. in some cases, a by-product of persistent brute force attacks is an overload of the application server that can result in a Denial of Service and can be detected as a DDoS attack.