System login picture verification code verification process security improvement - Code World

System login picture verification code verification process security improvement

Others 2020-10-03 18:29:45 views: null

background:

The security department issued a document stating that the verification code for our platform login is at risk of brute force cracking. Take a look immediately:

漏洞风险等级：低危
涉及页面及url：http://xxxx.com/#/login
涉及参数：--
漏洞描述：登陆界面由于验证码不失效，导致可以暴力破解，但破解得到的账户无法登录。 
修复建议：后台设置验证码使用一次失效

deal with:

Mainly do 2 points: First, refresh the verification code if the login fails. The second is that the back-end service will invalidate the verification code of the login failure regardless of success or failure after verification.

I sorted out the process, and the steps in red are suggested improvements.

https://www.processon.com/view/link/5ed7608e0791291d5dbf517f

Guess you like

Origin blog.csdn.net/qq_37372909/article/details/106528083

System login picture verification code verification process security improvement

How to write the detailed process and code of the background management system login verification

Login verification + verification code

Login Verification (Verification Code)

Login picture verification code - front-end verification

Integrated picture verification code Kaptcha-completes login verification function

httpClient login with verification code

SpringBoot implements login verification code (with integrated Spring Security)

Spring Security (6): Realize graphical verification code login

The login interface contains verification code verification

Login using SMS verification code development process and explain the steps

Talk about the implementation process of SMS verification code login

SMS verification code login process ideas and detailed steps

[JAVA realizes picture verification code]

Spring Security Log parsing source code verification process

Android phone app verification code verification process

Java, SSM + Shiro system login verification code implementation

Java interface and login verification code

layui login interface verification code

Android implementation of verification code login

access login verification code 2

About verification code login (1)

Brute force and verification code security-verification code security

Verification code security method comparison

python code verification process (1)

Vue project web front-end login page digital verification code login process

[5 types of login verification verification] 5 types of login verification code components based on jquery (with complete source code)

Login based on Kaptcha verification code verification should be implemented like this

Processing of picture verification code by Python+Requests

SpringBoot--picture verification code kaptcha

Recommended

The United States plans to restrict the export of large AI models to China and Russia

Apple to reach agreement with OpenAI to bring ChatGPT to iPhone

Ranking

whisper-webui installation tutorial is silky and easy to use

[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations

Import torchvision error problem solving DLL: module not found

observer & watch & notify = pub & sub

A small turntable program [HTML + CSS + JS]

CorelDRAW 2018 shortcuts Daquan

Supervise el botón de menú para lograr un gatillo de presión prolongada

JS将时间秒转换成天小时分钟秒的字符串

RIP basic configuration

[Deleted] solution to a problem a few questions (Noip1994)

Daily

More

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)