Penetration Testing mailing list archives
Re: pen testing https portal?
From: "Richard Braganza" <iwtb0202 () googlemail com>
Date: Mon, 11 Sep 2006 19:34:59 +0100
Check out PINSafe by Swivel Secure (2 factor - unique PIN sent by email or sms). I found it during some app testing. It looked very good apart from the way it was implemented: badly, it allowed DoS of any logged in user, by logging them off if incorrect numbers were entered. The product was not to blame IMHO - only how it was integrated to the web site.

Best Regards
RARB

On 9 Sep 2006 19:35:47 -0000, mismail () postmaster co uk <mismail () postmaster co uk> wrote:
> no basically 1234 is the PIN they refer to, so when they click on the generate pin button they find the number under 1234 and enter that as their pin. The number they enter will always change, so if someone is walking past and sees your logon details, they can't logon, cos it's a new number you'd have to type in again!
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
> Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ------------------------------------------------------------------------
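The two points made in this thread can be shown together in code: the "positions under 1234" one-time code scheme mismail describes, and the integration mistake Richard points out, where a wrong code entered against an account terminates that account's existing logged-in sessions. The block below is an added example written for this archive; it is not PINsafe or Swivel Secure code and makes its own assumptions (a 10-digit security string, a PIN digit 0 naming position 10, a per-user back-off on new login attempts, and in-memory storage with plaintext PINs for demonstration only). The `revoke_sessions_on_failure` flag models the bad integration so the difference in behaviour can be observed.

```python
import secrets
from dataclasses import dataclass, field

DIGITS = "0123456789"


def generate_security_string(length: int = 10) -> str:
    """Fresh random digits; the user reads them at the positions named by their PIN."""
    return "".join(secrets.choice(DIGITS) for _ in range(length))


def one_time_code(pin: str, security_string: str) -> str:
    """PIN '1234' selects positions 1, 2, 3, 4 of the security string.
    Assumption for this example: the digit '0' names position 10."""
    return "".join(security_string[9 if p == "0" else int(p) - 1] for p in pin)


@dataclass
class LoginService:
    # True reproduces the DoS Richard describes: a wrong code kills live sessions.
    revoke_sessions_on_failure: bool = False
    max_delay: int = 300
    pins: dict = field(default_factory=dict)          # user -> PIN (demo only)
    pending: dict = field(default_factory=dict)       # user -> string awaiting a code
    sessions: dict = field(default_factory=dict)      # session id -> user
    failures: dict = field(default_factory=dict)      # user -> consecutive failures
    next_allowed: dict = field(default_factory=dict)  # user -> earliest next attempt

    def register(self, user: str, pin: str) -> None:
        self.pins[user] = pin

    def start_login(self, user: str, now: float):
        """Return a security string, or None while the user is throttled."""
        if now < self.next_allowed.get(user, 0):
            return None
        self.pending[user] = generate_security_string()
        return self.pending[user]

    def finish_login(self, user: str, code: str, now: float):
        """Return a session id on success, None on failure.
        Failures back off new attempts for that user; existing sessions are
        untouched unless the bad-integration flag is set."""
        security_string = self.pending.pop(user, None)
        pin = self.pins.get(user)
        if security_string is None or pin is None:
            return None
        if secrets.compare_digest(code, one_time_code(pin, security_string)):
            self.failures[user] = 0
            sid = secrets.token_hex(16)
            self.sessions[sid] = user
            return sid
        n = self.failures.get(user, 0) + 1
        self.failures[user] = n
        self.next_allowed[user] = now + min(2 ** n, self.max_delay)
        if self.revoke_sessions_on_failure:
            for sid in [s for s, u in self.sessions.items() if u == user]:
                del self.sessions[sid]
        return None

    def is_logged_in(self, sid: str) -> bool:
        return sid in self.sessions


def victim_session_survives(revoke_on_failure: bool) -> bool:
    """Log alice in, then feed wrong codes against her account from elsewhere
    and report whether her original session is still alive."""
    svc = LoginService(revoke_sessions_on_failure=revoke_on_failure)
    svc.register("alice", "1234")
    s = svc.start_login("alice", now=0)
    sid = svc.finish_login("alice", one_time_code("1234", s), now=1)
    for t in range(2, 6):
        s = svc.start_login("alice", now=t)
        if s is None:
            continue  # throttled: only new logins are affected
        correct = one_time_code("1234", s)
        wrong = str((int(correct[0]) + 1) % 10) + correct[1:]  # guaranteed mismatch
        svc.finish_login("alice", wrong, now=t)
    return svc.is_logged_in(sid)


if __name__ == "__main__":
    print("hardened integration keeps the session:", victim_session_survives(False))
    print("bad integration keeps the session:", victim_session_survives(True))
```

The check a tester would want is the last function: repeated wrong codes against an account must only slow down new logins for that account, never evict whoever is already authenticated. Any back-off or lockout is itself a lever against the account's owner, so the delay here is capped and per-user rather than a hard lock.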
Current thread:
- pen testing https portal? mismail (Sep 07)
- Re: pen testing https portal? Nathan Keltner (Sep 08)
- Re: pen testing https portal? Paolo Scarabelli (Sep 10)
- <Possible follow-ups>
- RE: pen testing https portal? Nick Besant (Sep 08)
- Re: Re: pen testing https portal? mismail (Sep 10)
- Re: pen testing https portal? Richard Braganza (Sep 11)
- Re: pen testing https portal? Nathan Keltner (Sep 08)