Passmark Sitekey at Bank of America Vulnerability
Source: Help Net Security - Posted by LogError   
LogError writes: A vulnerability of the Passmark Sitekey login approach at Bank of America could permit an attacker to remotely lock out thousands of customers from their online banking accounts. The vulnerability announced today is similar to a DoS attack in that it permits an attacker to remotely "lock out" customers from their online accounts, potentially overwhelming the bank's customer support lines with calls from frustrated customers.

Read this full article at Help Net Security

Comments
Written by Yuri on 2006-09-01 03:56:29
Paper at http://cr-labs.com/publications/ is correct. 
Sitekey is totally open to man-in-the-middle attacks. The customer service costs in resetting users is large. The upgrade problems referred to in the articles were as a result of trying to improve security, but there were bugs, and after those were fixed the new system was killing the database and were disabled.
