pen testing https portal?

From: mismail@xxxxxxxxxxxxxxxx
Date: 7 Sep 2006 20:44:39 -0000

has any ever tested a https portal?

basically i have a client who has constructed a https portal to all works logon on from anywhere and access apps and files.

how it works is the username and pw are the users AD logon details, the pin is emailed to the user, so for example when the user logs on he has a button saying generate pin!

now say for example he has a pin of 1234 when hits generate pin a picture comes up like this

1234567890
0192837465

so the user find his 1st number in his pin, and types the number below it, same with 234 and enters that into the pin field:

username: bloggs
pw: password
pin: 0192

the pin is one time unique! has anyone ever come across a setup like this?

sorry for the long post!

hope you can help!

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Follow-Ups:
- Re: pen testing https portal?
  - From: Nathan Keltner

Prev by Date: RE: Windows Independant GUI
Next by Date: Re: Windows Independant GUI
Previous by thread: Launching exploits from C
Next by thread: Re: pen testing https portal?
Index(es):
- Date
- Thread

Relevant Pages

Re: Problems loggin in Windows Vista with a smart card enabled acc
... account configured for smart card logon in Windows Vista. ... in the paper published by Microsoft that is titled 'Windows Vista Smart Card ... The provider may be returning a "no PIN prompt" flag and the SC ... The second tile says "other user" ...
(microsoft.public.platformsdk.security)
RE: pen testing https portal?
... to all works logon on from anywhere and access apps and files. ... how it works is the username and pw are the users AD logon ... the user logs on he has a button saying generate pin! ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: Problems loggin in Windows Vista with a smart card enabled acc
... account configured for smart card logon in Windows Vista. ... in the paper published by Microsoft that is titled 'Windows Vista Smart Card ... The provider may be returning a "no PIN prompt" flag and the SC ... press CTRL + ALT + DEL to be able to log on with a different account. ...
(microsoft.public.platformsdk.security)
Re: pen testing https portal?
... So, assuming '1234' is your PIN all the time, and the temporary '0192' ... how it works is the username and pw are the users AD logon details, the pin is emailed to the user, so for example when the user logs on he has a button saying generate pin! ... Need to secure your web apps? ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: Radio Licence Renewal
... be a letter of some description, possibly a username and PIN. ... the year i.e. send out the letter a month before your paper one expires or ... I'm presuming that once in the system you'll be able ...
(uk.radio.amateur)