
ODA - Anyconnect auth works with initial PIN

Question asked by Erik Molnar on Aug 17, 2020

Dear All,

Found an interesting issue during testing ODA authentication. We enabled ODA authentication for a user, configured initial PIN and we tested the auth.

The application that we used for testing is Anyconnect.

The issue that I found is that by replacing the initial PIN with the one that the user configured, the authentication will be accepted and the Anyconnect connection will establish only using the PIN. This does not work next time as it will send the SMS with the passcode.

Can we somehow limit that the PIN replacement/initial PIN change won't result in a successful authentication?

Thank you in advance.

Best Regards,


Erik Molnar 
