If SMTP issues fail to deliver is there a means to retrieve the Email OTP
Article ID: 113697
Updated On:
Products
CA Rapid App Security
CA Advanced Authentication
Issue/Introduction
Can a Email OTP or SMS OTP related to a user be extracted from the CA Strong Authentication Database or Reports.
If SMTP issues fail to deliver is there a means to retrieve the Email OTP ?
If SMTP issues fail to deliver is there a means to retrieve the Email OTP ?
Environment
CA Risk Authentication and CA Strong Authentication
Resolution
1. Allowing retrieval of security credential such as an OTP (in clear) would constitute a security/privacy issue where others can access the Email or SMS OTP that was intended for a specific user.
2. None of the CA Reports will divulge this information.
3. No application such as the Arcot CA Strong Authenticaion Sample Application can be used to FETCH the OTP credentials in clear.
4. Even a dump of the CA Strong Authentication back end database tables will not provide the OTP in clear.
The root cause of delivery failure needs to be found and remedied. Then the OTP credential can be created again OR reissued before resending.
2. None of the CA Reports will divulge this information.
3. No application such as the Arcot CA Strong Authenticaion Sample Application can be used to FETCH the OTP credentials in clear.
4. Even a dump of the CA Strong Authentication back end database tables will not provide the OTP in clear.
The root cause of delivery failure needs to be found and remedied. Then the OTP credential can be created again OR reissued before resending.
Additional Information
None.
Feedback
Yes
No
Powered by
