I recently noticed that we have a potential security issue depending on who is using the Web Help Desk portal. We have both a Service Desk and Desktop team that work with users that may have issues with logging into the POA. The issue I found is that if I give out WHD portal access to the desktop team, they can then log into any SafeGuard encrypted PC using a one-time login.
The desktop tech could open the web portal on another computer and then type their own username into the client PC before generating the challenge response. They could then issue themselves a response to gain access to that PC.
I was under the impression that only the initial user would be able to log in to a PC through the POA even if a challenge/response was granted. Is there some policy that limits a challenge/response on a PC to only the specifically assigned user from the SGN Management Console?
This is an issue because we want our Desktop teams to also have the ability to generate a response to a challenge for an end user, but we do not want to allow them to log in through the POA to any machine they happen to have. Logging in through the POA should require the original user or a predefined administrator.