Bugtraq mailing list archives
Re: otp - the next generation
From: Tristam Fenton-May <tfm () EARTH LI>
Date: Fri, 23 Mar 2001 15:59:41 +0000
On Thu, Mar 22, 2001 at 01:36:23AM +0100, Lukasz Luzar wrote:
How does it work ? ================== When you want to log into the server from an untrusted network, then you send a SMS message with your real login and password (e.g. "john 12blah45") in the body of message to the GSM phone connected to the server.
Surely this means that anyone who gets tempory access to your mobile phone only needs to look at the outgoing messages which are left stored in your phone to find your plain-text username/password? Considering the places people leave their phones - this seems like a bad idea. -- TFM
Current thread:
- otp - the next generation Lukasz Luzar (Mar 22)
- Re: otp - the next generation Szilveszter Adam (Mar 23)
- Re: otp - the next generation Casper Dik (Mar 23)
- Re: otp - the next generation Denis A. Doroshenko (Mar 23)
- Re: otp - the next generation Gregory Steuck (Mar 23)
- Re: otp - the next generation Tollef Fog Heen (Mar 23)
- Re: otp - the next generation Ben Laurie (Mar 23)
- Re: otp - the next generation Dag-Erling Smorgrav (Mar 23)
- Re: otp - the next generation Tristam Fenton-May (Mar 23)
- <Possible follow-ups>
- Re: otp - the next generation Elias Levy (Mar 23)
- Re: otp - the next generation Szilveszter Adam (Mar 23)