A sad tale with a hanging ending.
There is a company, there is a bank account, there are dozens of transactions a week. Naturally, there is a Client-Bank. It is terribly secure, cool and serious, with keys, EDS (digital signature), two-way encrypted transport, and so on.
Our accountant serves 3 firms, all at the same bank, all three bank clients on 1 computer, and all of them (attention!) have the same three-letter password. For your safety and mine, I will not write it here.
When I picked up the Client-Bank at the bank, I immediately asked the technical support employee about changing the password. With a look of offended innocence the employee handed me, as if to a blonde, a printout from the help that says: "In the Service menu, select Change password, enter the old password and the new one."
Well, great, I thought, and forgot about it for a while.
But before New Year 2010 I decided to change the password after all. I checked the account for the last time on December 31, 2009 and pressed that very button in the Service menu.
I entered the old password, then the new one. Twice. Everything is fine, it works.
Let me, I think, log out and log back in.
I log in with the new password. An error pops up from the DB driver: the DBA password is not recognized, and in general check the password (unfortunately I did not save the screen). All of it system-level and in Latin letters. I repeated it, then repeated it twice more with the same result.
Well, I think, then the password has not changed.
I enter the old one. The system shows a DIFFERENT error message, a civilian one from Client-Bank itself, saying the password is incorrect.
I try typing 123456 into the password box and again see the civilian Russian-language message that the password does not match.
What are the conclusions? That the Client-Bank database is stored separately, that it is protected by a password (thank the Creator), but that when you change the password in the software, the password on the database does not change (how else to explain the different error messages?).
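To make the mechanism behind those two different messages concrete, here is an added model of the two-layer password; it is a constructed illustration, not BS-Client's code. It assumes that the application keeps its own password hash, that the database file is separately protected by a "DBA" password equal to the original user password, and that the application checks its own hash first and only then opens the database. That ordering is an assumption, chosen because it reproduces exactly what the post observed: the new password fails at the database driver, while the old password and 123456 fail at the application's own check. The names `BankClient`, `ProtectedDatabase` and the password values are all invented for the example.

```python
"""Constructed model of the two-layer password problem; not BS-Client code."""
import hashlib
import hmac
import os


class DbDriverError(Exception):
    """System-level error from the database driver (the 'Latin' message)."""


class AppAuthError(Exception):
    """Application-level error from the bank client (the 'civilian' message)."""


class ProtectedDatabase:
    """Stand-in for the separately password-protected database file."""

    def __init__(self, password: str):
        self._password = password

    def open(self, password: str) -> None:
        if not hmac.compare_digest(password.encode(), self._password.encode()):
            raise DbDriverError("DBA password not recognized")

    def set_password(self, old: str, new: str) -> None:
        self.open(old)
        self._password = new


class BankClient:
    """Application layer: its own password hash plus a handle to the database."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._app_hash = self._hash(password)
        self._db = ProtectedDatabase(password)  # same password in both layers

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password: str) -> bool:
        # 1. application-level check (assumed to run first)
        if not hmac.compare_digest(self._app_hash, self._hash(password)):
            raise AppAuthError("password is incorrect")
        # 2. only then is the database opened with the same password
        self._db.open(password)
        return True

    def change_password_buggy(self, old: str, new: str) -> None:
        """What the post observed: only the application hash is updated."""
        self.login(old)
        self._app_hash = self._hash(new)  # database password is left untouched

    def change_password_fixed(self, old: str, new: str) -> None:
        """Update both layers, verify end to end, roll back if anything fails."""
        self.login(old)
        saved_hash = self._app_hash
        db_changed = False
        try:
            self._app_hash = self._hash(new)
            self._db.set_password(old, new)
            db_changed = True
            self.login(new)  # prove the new password works through both layers
        except Exception:
            self._app_hash = saved_hash
            if db_changed:
                self._db.set_password(new, old)
            raise


def which_layer_rejects(client: BankClient, password: str) -> str:
    """Classify a login failure by its source, as the post did from the messages."""
    try:
        client.login(password)
        return "ok"
    except AppAuthError:
        return "application"
    except DbDriverError:
        return "database"


def reproduce() -> dict:
    """Replay the post's experiment with the buggy change-password routine."""
    client = BankClient("abc")  # constructed three-letter password
    client.change_password_buggy("abc", "NewYear2010")
    return {
        "new": which_layer_rejects(client, "NewYear2010"),  # database
        "old": which_layer_rejects(client, "abc"),  # application
        "guess": which_layer_rejects(client, "123456"),  # application
    }


def fixed() -> dict:
    """Same experiment with both layers updated atomically."""
    client = BankClient("abc")
    client.change_password_fixed("abc", "NewYear2010")
    return {
        "new": which_layer_rejects(client, "NewYear2010"),  # ok
        "old": which_layer_rejects(client, "abc"),  # application
    }


if __name__ == "__main__":
    print("buggy:", reproduce())
    print("fixed:", fixed())
```

The point of `which_layer_rejects` is the diagnostic the post performed by hand: a system-level driver error means the application accepted the password and the database did not, while the application's own message means the database was never opened. The fixed routine changes both credentials, confirms a full login with the new password, and rolls back otherwise, so a user can never end up locked out of both layers at once.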
Well, New Year is coming, the Client-Bank is not working, and I go off to celebrate, confident that nobody will break into the account, since neither password works.
On January 11 I called the same comrade in bank support. It turns out:
1. All my hypotheses are correct. The bank's Moscow technical support (or possibly the developer) "does not recommend changing the password."
2. You can change the password "directly in the DBA" (clever people of Habr, do you understand what this spell means?).
3. Our access problem can be solved ONLY by getting a fresh distribution with the old password hard-coded in.
The ending is a bit predictable, and that is how it went: I got a fresh distribution.
Summary
1. If an outsider can sit down at the accountant's computer and see the familiar Client-Bank shortcut, he can calmly type a three-letter password and operate your account.
2. In response to my persistent requests to resolve the issue, I received a five-line instruction by fax.
Tell your director: in the ... menu you need to untick the kryzhik ..., then go to the ... window, etc.
We figured out what a "kryzhik" (a checkbox) is, although we still could not complete the procedure. Naturally, the instruction was written specially for me and is absent from the help.
3. To my descriptions of the threats arising from this situation, my curses, and the risks they create with their system, I got no intelligible answer.
I would like to finish with lines from the description of the bank client:
Since the BS-Client system is designed to work with financial documents, it pays special attention to security issues. The system uses cryptographically strong encryption and a digital signature (EDS) on all data that Clients exchange with the Bank. Encryption protects data from interception by an attacker, and the EDS uniquely certifies the authorship of the data.
A secure, kosher, competent, safe system. EDS, transport...
It's just that all the passwords are the same. For convenience.
And you just can't change them. Just in case.
For those interested: BS-Client, version 3.15.6.270
P.S. Don't forget to untick the kryzhik.