2-factor authentication with SSL-certificates… defeated | Just my blog

/dev/random

2-factor authentication with SSL-certificates… defeated

Once up on a time somewhere in the Netherlands, there was a guy who gave me all his usernames and passwords to enter the systems he has access to.

Their was an application accessable via the Internet, although you need a personal SSL-certificate before you can even enter your username and password

But… no problems… just copy the personal certificate out of MS IE… and load it on another machine… log in… and you’ve entered the matrix.

As you can see… the human is the critical factor in security!

Note: The case as described above was a bet with a good friend of mine, no illegal actions did happen!!!


  • Social

  • By continuing to use the site, you agree to the use of cookies. more information

    The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible and enable advertising to provide you free content. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

    Close