https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/25932#M1589 <P><A href="https://nvdpl.bibliocommons.com/user_profile/74277513" target="_blank" rel="noopener">My library</A> uses Bibliocommons as its interface.&nbsp; (I tend to use Bibliocommons as an example of Software (or Platform) as-a-Service.)</P><P>&nbsp;</P><P>I was trying to sign on last night (a little after midnight, so some maintenance might have been going on), and got an error message saying I should try again. (I don't recall any maintenance notice.) I did try again, several times, until all at once I got a different message, basically saying that I was blocked out of my account for an hour because too many attempts had been made with the wrong password.</P><P>&nbsp;</P><P>I wasn't trying with the wrong password (and confirmed that).</P><P>&nbsp;</P><P>Therefore, there is something wrong in the security parts of the system, in that it can confuse it's own refusal to allow a login (for whatever reason) with a security violation.</P><P>This is concerning, since it may indicate potential weaknesses in the security system itself ...</P> Fri, 26 Jul 2019 14:46:57 GMT rslade 2019-07-26T14:46:57Z https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/25932#M1589 <P><A href="https://nvdpl.bibliocommons.com/user_profile/74277513" target="_blank" rel="noopener">My library</A> uses Bibliocommons as its interface.&nbsp; (I tend to use Bibliocommons as an example of Software (or Platform) as-a-Service.)</P><P>&nbsp;</P><P>I was trying to sign on last night (a little after midnight, so some maintenance might have been going on), and got an error message saying I should try again. (I don't recall any maintenance notice.) I did try again, several times, until all at once I got a different message, basically saying that I was blocked out of my account for an hour because too many attempts had been made with the wrong password.</P><P>&nbsp;</P><P>I wasn't trying with the wrong password (and confirmed that).</P><P>&nbsp;</P><P>Therefore, there is something wrong in the security parts of the system, in that it can confuse it's own refusal to allow a login (for whatever reason) with a security violation.</P><P>This is concerning, since it may indicate potential weaknesses in the security system itself ...</P> Fri, 26 Jul 2019 14:46:57 GMT https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/25932#M1589 rslade 2019-07-26T14:46:57Z https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/25936#M1590 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a>&nbsp;wrote:<BR /><P><A href="https://nvdpl.bibliocommons.com/user_profile/74277513" target="_blank" rel="noopener">My library</A> uses Bibliocommons as its interface.&nbsp;</P><P>&nbsp;</P><P>Therefore, there is something wrong in the security parts of the system, in that it can confuse it's own refusal to allow a login (for whatever reason) with a security violation.</P><P>This is concerning, since it may indicate potential weaknesses in the security system itself ...</P><HR /></BLOCKQUOTE><P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a>&nbsp;found a Bug! Bug! Bug! File a defect...</P> Fri, 26 Jul 2019 15:22:45 GMT https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/25936#M1590 AppDefects 2019-07-26T15:22:45Z https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/25993#M1601 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/887781263">@AppDefects</a>&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a> Did you report it?&nbsp; Or exploit it?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Sun, 28 Jul 2019 19:40:49 GMT https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/25993#M1601 Caute_cautim 2019-07-28T19:40:49Z https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/26043#M1606 &gt; Caute_cautim (Community Champion) mentioned you in a post! Join the conversation<BR /><BR />&gt; <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/887781263">@AppDefects</a>&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a> Did you report it?<BR /><BR />&gt;&nbsp; Or exploit it?<BR /><BR />I always report issues like this.<BR /><BR />Haven't worked out an exploit, yet.<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />Re-unite Rodinia! - rms<BR />victoria.tc.ca/techrev/rms.htm <A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="https://is.gd/RotlWB" target="_blank">https://is.gd/RotlWB</A> Mon, 29 Jul 2019 18:11:58 GMT https://community.isc2.org/t5/Tech-Talk/Security-oddity-at-the-library/m-p/26043#M1606 rslade 2019-07-29T18:11:58Z