Lesson Plan Title: Multi Level Login 1

Concept / Topic To Teach:

A Multi Level Login should provide strong authentication. This is achieved by adding a second layer. After logging in with your user name and password, you are asked for a 'Transaction Authentication Number' (TAN). This is often used in online banking. You get a list with a lot of TANs generated only for you by the bank. Each TAN is used only once. Another method is to provide the TAN by SMS. This has the advantage that an attacker cannot get TANs provided by the user.
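One way a server can enforce "each TAN is used only once", shown as an added example that is not part of the original lesson or of WebGoat's code. The class name, method names, user and TAN values are hypothetical and constructed for illustration; the design keeps the requested TAN number and the used-TAN record in server-side state only.

```python
import hmac
import secrets


class TanVerifier:
    """Server-side one-time TAN check (hypothetical class, not WebGoat code)."""

    def __init__(self, tan_lists):
        # tan_lists: {user: [tan, ...]} as issued to each user (constructed data).
        self._tans = {u: list(t) for u, t in tan_lists.items()}
        self._used = {u: set() for u in tan_lists}
        self._pending = {}  # session_id -> (user, tan_index), never sent to the client

    def start_challenge(self, user):
        """After the password step: pick the next unused TAN and bind it to a session."""
        unused = [i for i in range(len(self._tans[user])) if i not in self._used[user]]
        if not unused:
            raise RuntimeError("TAN list exhausted, a new list must be issued")
        session_id = secrets.token_hex(16)
        self._pending[session_id] = (user, unused[0])
        return session_id, unused[0] + 1  # TAN number shown to the user (1-based)

    def verify(self, session_id, submitted_tan):
        """Accept only the TAN the server asked for, and only once."""
        challenge = self._pending.pop(session_id, None)  # a challenge is single-use too
        if challenge is None:
            return False
        user, index = challenge
        if index in self._used[user]:  # consumed meanwhile by a parallel session
            return False
        expected = self._tans[user][index]
        if not hmac.compare_digest(expected.encode(), submitted_tan.encode()):
            return False
        self._used[user].add(index)  # consume the TAN so it cannot be replayed
        return True


def demo():
    v = TanVerifier({"alice": ["100001", "100002", "100003"]})  # constructed TANs
    sid, number = v.start_challenge("alice")
    first = v.verify(sid, "100001")
    replay_same_session = v.verify(sid, "100001")
    sid2, number2 = v.start_challenge("alice")
    replay_new_session = v.verify(sid2, "100001")
    return first, replay_same_session, number, number2, replay_new_session


if __name__ == "__main__":
    print(demo())
```
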

General Goal(s):

In this lesson you try to get around the strong authentication. You have to break into another account. The user name, password and an already used TAN are provided. You have to make sure the server accepts the TAN even though it has already been used.