Hacker News new | ask | show | jobs
by ivanbakel 3336 days ago
You send them your public key in a GET request, and the payload you get back is the encrypted HTML page. Make sure to pick a big enough key size, or you might not see the whole thing...
1 comments
bungie4 3336 days ago
No, in this case it's RSA SecureID

https://en.wikipedia.org/wiki/RSA_SecurID

A one time, time based hash as 2FA. Despite using this 2FA, the bad code completely circumvents it.

link