For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

LD24_184287's avatar
LD24_184287
Icon for Nimbostratus rankNimbostratus
Mar 25, 2015

I am using SMSGlobal to send the OTP to users. I am facing a strange issue I can see in the reports in the current session that its been picking up the right mobile number from AD and assigning different OTP every time but for some strange reason its sending sms to the single user with the same OTP when different users are trying to login.

 

For instance user A for the first time tries to login to ssl vpn, he receives the OTP. Now when user B tries to login to ssl vpn then user A receives the same OTP again and then if user C tries to access ssl VPN user A receives the same OTP again on his mobile. where as user C and B doesn't receive any OTP on there mobiles.

 

But if I go and check the sessions under reports on F5 APM i can see there appropriate phones numbers and new OTP is assigned to all three users.

 

This the form action http://www.smsglobal.com/http-api.php

 

Hidden Parameters- action=sendsms&user=xxxxx&password=xxxxx&&api=1&to="%{session.user.otp.mobile}"&text="%{session.user.otp.pwd}"

 

Any help will be highly appreciated.

 

Thanks, LD