Quote:
Originally Posted by KlenTelaris
By riding on the session. And here is how it works: let's say I have a trojan on your PC, and I have access to your browser cookies. So, you log in to the system using the 2FA device, and then I copy your cookie into my browser, and I get instant access. This works only as long as the cookie is valid, so if you click logout it won't work anymore, but if you leave the browser without deleting the cookie, it will be compromised.
With a keylogger in the trojan there are also a few other ways.
No matter on what device you receive the PIN, you have to type it into the website.
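
The point made in the quoted post, that a copied cookie is accepted only while the server still considers the session valid, seen from the server side. This is an added example, not part of either post; the `SessionStore` class, its method names and the 900-second idle timeout are assumptions made for illustration.

```python
import secrets
import time


class SessionStore:
    """Server-side session table. The cookie is an opaque bearer token:
    whoever presents it is treated as the user who passed 2FA at login."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # seconds of inactivity allowed (assumed value)
        self.clock = clock
        self._sessions = {}  # token -> {"user": str, "last_seen": float}

    def login(self, user, second_factor_ok):
        if not second_factor_ok:
            raise PermissionError("second factor rejected")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self.clock()}
        return token

    def authenticate(self, token):
        session = self._sessions.get(token)
        if session is None:
            return None  # unknown, logged out, or already expired
        now = self.clock()
        if now - session["last_seen"] > self.idle_timeout:
            del self._sessions[token]  # an abandoned session dies on the server
            return None
        session["last_seen"] = now
        return session["user"]

    def logout(self, token):
        # Invalidate on the server; clearing the browser cookie alone is not enough.
        self._sessions.pop(token, None)


def demo():
    now = [0.0]  # constructed fake clock so the timeout can be shown offline
    store = SessionStore(idle_timeout=900, clock=lambda: now[0])
    cookie = store.login("alice", second_factor_ok=True)
    copied = cookie  # the same value presented from a second browser
    results = {"copied_while_valid": store.authenticate(copied)}
    store.logout(cookie)
    results["copied_after_logout"] = store.authenticate(copied)
    abandoned = store.login("alice", second_factor_ok=True)
    now[0] += 901  # user walks away without logging out
    results["abandoned_after_timeout"] = store.authenticate(abandoned)
    return results


if __name__ == "__main__":
    print(demo())
```

The second factor is checked once, at login; after that, logout and the idle timeout are the only things in this model that end the copied cookie's usefulness.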