Thursday, September 6, 2018

Portugal computer justice system is just 3 failed password attempts away

The computer system Citius, used by the Justice Department in Portugal, has a very strange notion of "security". If a user fails the login attempt three times, the system simply lets them set a new password.

This came to light among the many revelations made by an investigation into one of the country's largest soccer clubs, Benfica, which is accused of corruption and of having access to privileged information about ongoing judicial investigations. Apparently, the "mole" was simply taking advantage of that security issue (should we still call it security?) by failing a login three times using any magistrate's username, then entering a new password and gaining full access to the system.
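To make the described defect concrete, here is an added illustration (not code from Citius or from this post) of the two ways a "three failures" rule can be wired up: the broken pattern, where the third failure opens a password-change form to whoever typed the username, next to a hardened pattern, where the third failure locks the account, emits an event for monitoring, and a reset requires a single-use token that only the real owner receives. The class names, the in-memory account store, the event list standing in for a log feed, and the sample user are all constructed assumptions.

```python
"""Added example: lockout-then-reset done wrong and done right.
Names, store and sample data are constructed; nothing here is Citius code."""
import hashlib
import hmac
import os
import secrets

MAX_FAILURES = 3


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, username: str, password: str) -> None:
        self.username = username
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)
        self.failures = 0
        self.locked = False
        self.reset_token = None

    def check(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)
        self.failures = 0


class BrokenAuth:
    """Models the behaviour the post describes: three failures open a
    password-change form, with no proof of identity required."""

    def __init__(self, accounts):
        self.accounts = {a.username: a for a in accounts}

    def login(self, username: str, password: str) -> str:
        acct = self.accounts[username]
        if acct.check(password):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            return "choose-new-password"  # the defect: failure count is the only gate
        return "denied"

    def choose_new_password(self, username: str, new_password: str) -> None:
        acct = self.accounts[username]
        assert acct.failures >= MAX_FAILURES
        acct.set_password(new_password)


class HardenedAuth:
    """Three failures lock the account and record an event; a reset needs a
    single-use token delivered out-of-band to the account owner."""

    def __init__(self, accounts, events: list):
        self.accounts = {a.username: a for a in accounts}
        self.events = events  # stands in for an audit log / SIEM feed

    def login(self, username: str, password: str) -> str:
        acct = self.accounts[username]
        if acct.locked:
            self.events.append(("login_on_locked_account", username))
            return "locked"
        if acct.check(password):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked = True
            self.events.append(("account_locked", username))
            return "locked"
        return "denied"

    def request_reset(self, username: str) -> str:
        # In a real deployment the token goes to a verified channel on file
        # (e.g. the owner's registered email); it is returned here only so the
        # demo can play the role of the owner.
        acct = self.accounts[username]
        acct.reset_token = secrets.token_urlsafe(32)
        self.events.append(("reset_requested", username))
        return acct.reset_token

    def complete_reset(self, username: str, token: str, new_password: str) -> bool:
        acct = self.accounts[username]
        if acct.reset_token is None or not hmac.compare_digest(acct.reset_token, token):
            self.events.append(("reset_bad_token", username))
            return False
        acct.reset_token = None  # single use
        acct.locked = False
        acct.set_password(new_password)
        self.events.append(("password_reset", username))
        return True


def demo():
    """Run both models on a constructed account; return the observable outcomes."""
    broken = BrokenAuth([Account("magistrate", "correct horse")])
    for _ in range(MAX_FAILURES):
        broken.login("magistrate", "wrong guess")
    broken.choose_new_password("magistrate", "unverified-new-pw")
    broken_login = broken.login("magistrate", "unverified-new-pw")

    events = []
    hard = HardenedAuth([Account("magistrate", "correct horse")], events)
    for _ in range(MAX_FAILURES):
        hard.login("magistrate", "wrong guess")
    without_token = hard.complete_reset("magistrate", "not-the-token", "x")
    token = hard.request_reset("magistrate")
    with_token = hard.complete_reset("magistrate", token, "owner-chosen")
    return broken_login, without_token, with_token, hard.login("magistrate", "owner-chosen"), events
```

The point of the comparison is where the gate sits: in the broken model the failure counter itself unlocks the change form, so the counter is something anyone can drive; in the hardened model the counter only ever closes doors, and the only thing that reopens them is a secret that never passes through the failing session. The event list is what a detection team would watch: a burst of `account_locked` events across many magistrate usernames is the signal this kind of misuse would leave.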

... What would all those security experts, who have been warning us for years that SMS-based two-factor authentication isn't secure enough, think of this?

