[Full-disclosure] has any ever tested a https portal?
Richard Braganza
iwtb0202 at googlemail.com
Fri Sep 8 15:51:08 BST 2006
Hi mismail, list,
mismail wrote
>the pin is one time unique! has anyone ever come across a setup like this?
Check out PINSafe by Swivel Secure (2 factor - unique PIN sent by email or
sms)
I found it during some app testing
It looked very good apart from the way it was implemented:Badly, it allowed
DoS any logged in user, by logging them off. The product was not to blame
IMHO - only how it was integrated to the web site
Best Regards
RARB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060908/266ea408/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.