Open cpatel321 opened 5 days ago
Please check if this issue is reproducible and let me know today if it is not by posting screenshots. Kindly follow all steps that Chandrabhan has listed
We’re having trouble understanding the specific issue you're referring to. On our end, the code runs correctly on a single machine, even with multiple clients. Could you provide more details on the problem?
Additionally, could you clarify what you mean by “external computer”? If you’re running the bank and ATM components on separate devices, please note that this code is designed to work only on a single device.
Regarding the Makefile, it seems that you may not have run the command specified in our README, which might be causing this issue.
The current login mechanism exhibits inconsistent behavior across different client environments, indicating a potential security vulnerability in authentication. Specifically, login attempts fail when initiated from an external computer, even though registration from the same external connection succeeds. In contrast, users can log in and register successfully from the localhost client, yet users registered locally also cannot log in from an external computer.
The ./atm client implements multi-layered security (client-side encryption in addition to SSL/TLS), but there may be inconsistencies in encryption and decryption across different client environments. This discrepancy suggests that while users are registering successfully, the stored credentials may not match the expected format upon login. If the password encryption or decryption process does not align with storage requirements, the mismatch could potentially leave user accounts vulnerable.
The following screenshot illustrates a failed login attempt for a user registered locally from an external connection:
This issue impacts security on two levels:

Authentication Integrity: If client-side encryption does not reliably encrypt and decrypt credentials consistently across all clients, unauthorized access could become possible in cases where incorrect data is stored due to mismatched encryption protocols. Users attempting to log in externally are left unable to access their accounts, potentially eroding trust in the system’s reliability.

Account Security: Since login functionality relies on encrypted credentials, any inconsistency in the encryption/decryption protocols poses a security risk. If a user’s encrypted password is stored incorrectly or is incompatible between environments, it could make accounts more susceptible to unauthorized access or manipulation, especially if attackers identify a pattern in the stored data structure.

In my opinion, solving this problem would require both functional and security changes.
Apart from this issue, the Makefile is not working properly: there is no separate folder for source files, but the following lines are mentioned in the Makefile.
I have pickled the test conditions. You may access them here.
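The failure mode hypothesized above (a client-side credential transform whose output depends on the client environment, so the value stored at registration no longer matches the value computed at login) can be illustrated with a small self-contained model. This is an added example, not the project's code; the hostname-derived salt, the in-memory bank store and the fix (a per-user salt stored server-side and reused on every login) are assumptions standing in for whatever the real ./atm and bank components do, and only one possible cause of the reported symptoms.

```python
import hashlib
import hmac
import os

# Hypothetical bank-side store: username -> stored credential bytes (constructed for this example).
BANK_STORE: dict = {}
SALT_LEN = 16


def env_dependent_transform(password: str, client_hostname: str) -> bytes:
    """Flawed client-side transform (assumed): the salt is derived from the client
    machine, so two clients produce different values for the same password."""
    salt = hashlib.sha256(client_hostname.encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def consistent_transform(password: str, salt: bytes) -> bytes:
    """Fixed transform: the salt is chosen once at registration, stored with the
    credential, and reused on every login regardless of which client connects."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register_flawed(user: str, password: str, client_hostname: str) -> None:
    BANK_STORE[user] = env_dependent_transform(password, client_hostname)


def login_flawed(user: str, password: str, client_hostname: str) -> bool:
    stored = BANK_STORE.get(user)
    candidate = env_dependent_transform(password, client_hostname)
    # Constant-time comparison so the check itself leaks nothing about the stored value.
    return stored is not None and hmac.compare_digest(stored, candidate)


def register_fixed(user: str, password: str) -> None:
    salt = os.urandom(SALT_LEN)
    BANK_STORE[user] = salt + consistent_transform(password, salt)


def login_fixed(user: str, password: str) -> bool:
    stored = BANK_STORE.get(user)
    if stored is None:
        return False
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    return hmac.compare_digest(digest, consistent_transform(password, salt))


def reproduce() -> tuple:
    """Returns (flawed local login, flawed external login, fixed login, fixed wrong password)."""
    BANK_STORE.clear()
    register_flawed("alice", "correct horse", "localhost")
    local_ok = login_flawed("alice", "correct horse", "localhost")
    external_ok = login_flawed("alice", "correct horse", "lab-pc-07")  # hypothetical external client
    BANK_STORE.clear()
    register_fixed("alice", "correct horse")
    return local_ok, external_ok, login_fixed("alice", "correct horse"), login_fixed("alice", "wrong")
```

Running `reproduce()` shows the flawed scheme accepting the local client and rejecting the external one for the same password, while the fixed scheme accepts the correct password from any client and still rejects a wrong one.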