Société Générale (French #1 bank)
therealsun opened this issue · 0 comments
therealsun commented
Client number (login) is exactly 8 numbers.
Password is exactly 6 numbers.
No MFA is available for logging in !!!
Only operations (i.e wire transfer) have mobile app validation requirement.
Only protection during login phase is that you have to input password thru a pop up numeric keypad with numbers arranged in a random manner.
It's been brute/sprayed for around a year now, resulting with account locking for 24hrs. (Threshold is 3)