Introduction
The portal requires users submit a username and password to authenticate. This communication is not encrypted. Method Check the HTML source code on the form page, and examine whether the FORM ACTION is GET/POST to a HTTPS:// URI. Recommendation 1) Enable SSL and disable HTTP for the portal 2) Use two-factor tokens (one time password) for strong authentication. 3) Modify the HTML source to ensure the data is POST'ed to a HTTPS URL. Comments are closed.
|
Archives
September 2017
Categories
All
|
|
|