Secured share UvA and HvA sites susceptible to man-in-the-middle attack




The login page of the University of Amsterdam and the University of Amsterdam would be susceptible to a man-in-the-middle attack. Students got to the IT department of educational institutions, but were reportedly refused their requests.

HvA and UvA would use their login pages respectively an old and weak SSL certificate, tell the students against Folia. With a Raspberry Pi they made a derivative of eduroam network, after which they then stripped the certificate. The students used a tool for this that the automated process.

In a video, the students show how they work. “Imagine if we had called our network” eduroam “. All students and staff log unsuspectingly in on that, so we can all had their HVA and UvA credentials understand,” they say to Folia. Students drew his own words in the IT departments at the bell, but heard nothing more from them in September. Therefore, they lit up in the media.

According HvA is not yet certain whether the attack is directly linked to the “bad” security level of the educational institutions. However, the school has announced to continually focus on the SSL implementation, because of the vulnerabilities that are frequently known.


In: Technology & Gadgets Asked By: [15446 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »