[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa update: no more "-guest" and more

On 4/28/20 2:30 PM, Bernd Zeimetz wrote:
> On 4/27/20 2:49 AM, Paride Legovini wrote:
>> An active MITM attack is way more complicated than just sniffing and
>> storing traffic for later analysis. Changing the 2FA or password is not
>> a great strategy, as you would immediately realize what's going on.
>> Silently gaining access to an account allows to act when the conditions
>> are the best from the attacker's point of view.
> Exactly.
> An attacker would gain access to a few accounts, wait and see what they
> can do with the gained permissions in the long run. And at some point
> compromise something.
> 2FA stops this kind of attacks completely. Without a current 2fa token,
> your password knowledge is useless.
> Gaining access with a MITM attack once gives you a very short amount of
> time to do whatever you want to do, as your login will be gone as soon
> as the next login without MITM happens.

That's not the case. An MITM attack could gain a session and maintain it
open, while the end user would just notice "oh shit, I miss-typed the
2FA numbers, let's try again". Then the only thing the attacker needs to
do is keep the session open to not loose access...


Thomas Goirand (zigo)

Reply to: