We have an outstanding feature request ( issue #58) to do so for Fortitoken. It should be possible to reimplement other proprietary 2FA apps in a similar way. Oathtool -v -b -totp HBRXYG6HH64VPFLMTSV57GSGGK6QY6I6 #. Oathtool -b -totp HBRXYG6HH64VPFLMTSV57GSGGK6QY6I6 # output one code You can use oathtool to generate the same OTP codesĪs would be produced by the official VIP Access apps: You will need the ID to register this credential: SYDC94595813 This credential expires on this date: T21:38:53.998Z Otpauth://totp/VIP%20Access:SYDC94595813?secret=HBRXYG6HH64VPFLMTSV57GSGGK6QY6I6&digits =6&algorithm =SHA1ℑ=https%3A%2F%%2Fdlenski%2Fpython-vipaccess%2Fmaster%2Fvipaccess.png.=30 Then take the otpauth:// URL from the output and load it into any TOTP authenticator app (perhaps via QR code), and register the credential ID with whatever company is telling you to use Symantec VIP Access for 2FA:įetching provisioning response from Symantec server.Ĭhecking token against Symantec server. If you need to use Symantec VIP Access but don't want to use the proprietary app, simply run python-vipaccess as follows to provision and test a new soft-token. I'm now the maintainer of python-vipaccess, which will allow you to provision a Symantec VIP Access soft-token using a simple command line tool. ![]() Happily, we’ve known how to do this since ~2014, when the Symantec VIP Access provisioning process was first studied and reimplemented in Python. This means that if you can intercept the TOTP secret/key from the HTTPS-based provisioning process, you can use it with a standard TOTP-based authenticator app. Symantec VIP Access turns out to be entirely based on standard TOTP. The Symantec VIP Access app is a rather commonly-deployed example of such: many companies require their employees to use it for 2FA for access to VPNs and other corporate systems. Enter this Security Code into the field provided on the website or application you are trying to access. Select the account corresponding to the site or application you are trying to access and a six-digit Security Code will be displayed. Parent article: TOTP authentication with free softwareīehind the scenes, many proprietary/closed-source authenticator apps are actually based on TOTP. In the Symantec VIP app, you will see your registered account listed. I guess either way youd still need to know website+username+password+ (spoofed MFA), but it just seems like generating multiple credentialIDs wouldve been trivial for Symantec to do. ![]() Posted 21:44 UTC (Thu) by moxfyre (guest, #13847) In this case, there is no option to use multiple VIP Access Credential IDs on the same device, so you just share the same one across all target websites. Substituting open/standard TOTP authenticators for proprietary apps
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |