Posts by andreashappe@infosec.exchange
 (DIR) Post #AQAKqDHlMOGJZhVYQK by andreashappe@infosec.exchange
       2022-12-01T07:12:23Z
       
       0 likes, 0 repeats
       
       @mav @jeff @ericazelic Is HTTPS being used? If so, this is common behaviour (as there seems to be a slow uptake of PAKE). I'd go with medium, maybe high, but not due to the confidentiality of the data (which must be given by TLS anyways) but because of the (highly probable) lack of session management (no logout, etc.).
       
 (DIR) Post #AQANLOruXoo6NtPlzs by andreashappe@infosec.exchange
       2022-12-01T14:50:45Z
       
       0 likes, 0 repeats
       
       @jeff @Freyja @mav @ericazelic Not sure I am getting you right: with pin, do you mean HSTS or an application pinning the cert?
       
 (DIR) Post #AQAOnLCbruWf4nz2P2 by andreashappe@infosec.exchange
       2022-12-01T15:14:28Z
       
       0 likes, 0 repeats
       
       @jeff @Freyja @mav @ericazelic How (or from where) do you get the custom error page? You wouldn't want to trust the web server (with the invalid TLS certificate)? Can you roll out something like this company-wide? I think I am still missing some piece of the puzzle.