0
I am the Adecco contractor. We did a penetration test. As a result of test we came up some ideas.
Idea is: We wanted to request to avoid multiple user sessions from more than one location concurrently. When a second session created the first should expire automatically.
Reason: Concurrent login can be exploited where the attacker can gains access to valid account credentials and login. If this is the case the user will not be aware about the unauthorized activity happening from their account.
Kindly check the possibilities to implement it.
Idea is: We wanted to request to avoid multiple user sessions from more than one location concurrently. When a second session created the first should expire automatically.
Reason: Concurrent login can be exploited where the attacker can gains access to valid account credentials and login. If this is the case the user will not be aware about the unauthorized activity happening from their account.
Kindly check the possibilities to implement it.
STATUS DETAILS
Needs Votes