Influencer I

Security oddity at the library

My library uses Bibliocommons as its interface.  (I tend to use Bibliocommons as an example of Software (or Platform) as-a-Service.)

 

I was trying to sign on last night (a little after midnight, so some maintenance might have been going on), and got an error message saying I should try again. (I don't recall any maintenance notice.) I did try again, several times, until all at once I got a different message, basically saying that I was blocked out of my account for an hour because too many attempts had been made with the wrong password.

 

I wasn't trying with the wrong password (and confirmed that).

 

Therefore, there is something wrong in the security parts of the system, in that it can confuse its own refusal to allow a login (for whatever reason) with a security violation.

This is concerning, since it may indicate potential weaknesses in the security system itself ...


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
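A sketch of the failure mode described in the post above, added here as an example; it is not BiblioCommons code, and the thread does not establish the actual cause. All names (`LockoutTracker`, `BackendUnavailable`, `simulate`), the five-attempt threshold and the sample password are hypothetical; only the one-hour lockout comes from the post.

```python
import time

MAX_FAILURES = 5          # assumed threshold; the post gives no number
LOCKOUT_SECONDS = 3600    # one hour, as reported in the post

class BackendUnavailable(Exception):
    """The credential check could not be completed (e.g. during maintenance)."""

class LockoutTracker:
    def __init__(self, verify, count_backend_errors, clock=time.time):
        self.verify = verify                        # callable(user, password) -> bool
        self.count_backend_errors = count_backend_errors
        self.clock = clock
        self.failures, self.locked_until = {}, {}

    def login(self, user, password):
        now = self.clock()
        if self.locked_until.get(user, 0) > now:
            return "locked"
        try:
            ok = self.verify(user, password)
        except BackendUnavailable:
            if self.count_backend_errors:           # flaw: system error counted as a bad password
                return self._record_failure(user, now, "try_again")
            return "try_again"                      # hardened: no verdict, so no strike
        if ok:
            self.failures.pop(user, None)
            return "ok"
        return self._record_failure(user, now, "bad_password")

    def _record_failure(self, user, now, result):
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures.pop(user, None)
            return "locked"
        return result

def simulate(count_backend_errors, outage_attempts=6):
    """Retry the correct password during a constructed outage, then once after it ends."""
    state = {"down": True}
    def verify(user, password):
        if state["down"]:
            raise BackendUnavailable()
        return password == "correct-horse"          # constructed sample credential
    tracker = LockoutTracker(verify, count_backend_errors, clock=lambda: 0)
    results = [tracker.login("patron", "correct-horse") for _ in range(outage_attempts)]
    state["down"] = False
    results.append(tracker.login("patron", "correct-horse"))
    return results
```

With `count_backend_errors=True` the sequence is four "try again" responses followed by a lockout that persists after the outage ends; with `False` the same user gets in as soon as the backend recovers, while genuine wrong-password attempts still trigger the lockout.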
3 Replies
Community Champion

Re: Security oddity at the library


@rslade wrote:

My library uses Bibliocommons as its interface. 

 

Therefore, there is something wrong in the security parts of the system, in that it can confuse its own refusal to allow a login (for whatever reason) with a security violation.

This is concerning, since it may indicate potential weaknesses in the security system itself ...


@rslade found a Bug! Bug! Bug! File a defect...

Community Champion

Re: Security oddity at the library

@AppDefects @rslade Did you report it?  Or exploit it?

 

Regards

 

Caute_cautim

Influencer I

Re: Security oddity at the library

> @AppDefects @rslade Did you report it?

>  Or exploit it?

I always report issues like this.

Haven't worked out an exploit, yet.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Re-unite Rodinia! - rms
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB
