Home page logo
/

pen-test logo Penetration Testing mailing list archives

pen testing https portal?
From: mismail () postmaster co uk
Date: 7 Sep 2006 20:44:39 -0000

has any ever tested a https portal?

basically i have a client who has constructed a https portal to all works logon on from anywhere and access apps and 
files.

how it works is the username and pw are the users AD logon details, the pin is emailed to the user, so for example when 
the user logs on he has a button saying generate pin!

now say for example he has a pin of 1234 when hits generate pin a picture comes up like this

1234567890
0192837465

so the user find his 1st number in his pin, and types the number below it, same with 234 and enters that into the pin 
field:

username: bloggs
pw: password
pin: 0192

the pin is one time unique! has anyone ever come across a setup like this?

sorry for the long post!

hope you can help!

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]