rslade
Influencer II

Security oddity at the library

My library uses Bibliocommons as its interface.  (I tend to use Bibliocommons as an example of Software (or Platform) as-a-Service.)

 

I was trying to sign on last night (a little after midnight, so some maintenance might have been going on), and got an error message saying I should try again. (I don't recall any maintenance notice.) I did try again, several times, until all at once I got a different message, basically saying that I was blocked out of my account for an hour because too many attempts had been made with the wrong password.

 

I wasn't trying with the wrong password (and confirmed that).

 

Therefore, there is something wrong in the security parts of the system, in that it can confuse its own refusal to allow a login (for whatever reason) with a security violation.

This is concerning, since it may indicate potential weaknesses in the security system itself ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
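
The failure mode described in the post above, as an added example that is not part of the original post and not Bibliocommons code: a lockout counter that keeps "the service could not answer" separate from "the password was wrong", so retries during an outage never count toward the one-hour lockout. The class, the exception, the failure threshold and the sample credentials are all hypothetical.

```python
import hmac
import time
from enum import Enum

class Outcome(Enum):
    OK = "ok"
    BAD_CREDENTIALS = "bad_credentials"
    SERVICE_ERROR = "service_error"  # system refused or failed; not the user's fault
    LOCKED = "locked"

class BackendUnavailable(Exception):
    """Hypothetical: the credential check could not produce a yes/no answer."""

class LoginThrottle:
    def __init__(self, verify, max_failures=5, lockout_seconds=3600, clock=time.monotonic):
        self.verify = verify                    # callable(user, password) -> bool
        self.max_failures = max_failures        # assumed threshold, not from the post
        self.lockout_seconds = lockout_seconds  # the post mentions a one-hour block
        self.clock = clock
        self.failures = {}                      # user -> consecutive wrong passwords
        self.locked_until = {}                  # user -> time the lockout ends

    def attempt(self, user, password):
        now = self.clock()
        until = self.locked_until.get(user)
        if until is not None and now < until:
            return Outcome.LOCKED
        try:
            ok = self.verify(user, password)
        except BackendUnavailable:
            return Outcome.SERVICE_ERROR        # deliberately NOT counted as a failure
        if ok:
            self.failures.pop(user, None)
            return Outcome.OK
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lockout_seconds
            self.failures.pop(user, None)
        return Outcome.BAD_CREDENTIALS

def simulate_outage(retries=10):
    """Constructed scenario: correct password retried while the backend is down."""
    state = {"up": False}
    def verify(user, password):
        if not state["up"]:
            raise BackendUnavailable()
        return hmac.compare_digest(password, "correct horse")
    throttle = LoginThrottle(verify, clock=lambda: 0.0)
    during = [throttle.attempt("patron", "correct horse") for _ in range(retries)]
    state["up"] = True                          # service recovers
    return during, throttle.attempt("patron", "correct horse")
```
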
3 Replies
AppDefects
Community Champion


@rslade wrote:

My library uses Bibliocommons as its interface. 

 

Therefore, there is something wrong in the security parts of the system, in that it can confuse its own refusal to allow a login (for whatever reason) with a security violation.

This is concerning, since it may indicate potential weaknesses in the security system itself ...


@rslade found a Bug! Bug! Bug! File a defect...

Caute_cautim
Community Champion

@AppDefects @rslade Did you report it?  Or exploit it?

 

Regards

 

Caute_cautim

rslade
Influencer II

> @AppDefects @rslade Did you report it? Or exploit it?

I always report issues like this.

Haven't worked out an exploit, yet.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Re-unite Rodinia! - rms
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB
