Missing security protocols for a bank login

videobruce
Hobby Astronomer
Posts: 28
Joined: 2019-03-17, 21:57
Location: New York State

Missing security protocols for a bank login

Unread post by videobruce » 2021-12-07, 16:32

A specific bank login (M&T Bank) isn't allowing entry probably due to a security protocol or similar. (https://onlinebanking.mtb.com/)
I know this since I had the exact same problem with an older version of FF (v56) that updating to v70 fixed.
The login returns some bogus screen that their site is down (which it isn't) when I try to log into their site using PM v29.4.2.1

Are there any security settings that could be changed to fix this? I tried HSTS checked and unchecked with no difference.

therube
Board Warrior
Posts: 1435
Joined: 2018-06-08, 17:02

Re: Missing security protocols for a bank login

Unread post by therube » 2021-12-07, 18:30

I'd think...

cookies, blocking, or useragent.

Try spoofing your useragent & see if that gets you in.


This is the message page, https://onlinebanking.mtb.com/Information/Unavailable.

Moonchild
Pale Moon guru
Posts: 32007
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: Missing security protocols for a bank login

Unread post by Moonchild » 2021-12-07, 18:36

Not sure. If I go to the bank URL posted I'm presented with a login screen prompting for credentials.
"You will observe with concern how long a useful truth may be known and exist before it is generally received and practiced on." -- Benjamin Franklin
"Compromise and collaboration lie at the heart of all great endeavours" -- Kassandra

therube
Board Warrior
Posts: 1435
Joined: 2018-06-08, 17:02

Re: Missing security protocols for a bank login

Unread post by therube » 2021-12-07, 18:43

It seems to be none of what I mentioned above (best I can figure).

The page itself loads, including the un/pw fields.
It is after you enter a un/pw (bogus data is fine) where you're sent to the page I posted.


Not sure what they're checking on their end - unless it is specific features that are not available in PM?


(And it seems both Bruce & I have been here before ;-), SeaMonkey: M&T Online Banking is temporarily unavailable.)

vannilla
Board Warrior
Posts: 1881
Joined: 2018-05-05, 13:29

Re: Missing security protocols for a bank login

Unread post by vannilla » 2021-12-07, 19:37

Going to the URL linked by OP I'm indeed presented with a screen saying the connection was reset.
My guess is the bank uses some encryption method that Pale Moon has deactivated like it happened with other sites (which might've been banks too, I don't remember) some time ago.
It works on not-UXP because those browsers tend to have a "connect at all costs" policy which completely disregards actual security and which can damage both users (who connect to not-really-secure sites) and the actual websites (as they don't realize their security is not really secure.)

Moonchild
Pale Moon guru
Posts: 32007
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: Missing security protocols for a bank login

Unread post by Moonchild » 2021-12-08, 01:32

vannilla wrote:
2021-12-07, 19:37
Going to the URL linked by OP I'm indeed presented with a screen saying the connection was reset.
No, it doesn't. The https connection to the server is just fine, and in fact seems to be properly set up for banking use (which is nice to see).
vannilla wrote:
2021-12-07, 19:37
My guess is the bank uses some encryption method that Pale Moon has deactivated like it happened with other sites (which might've been banks too, I don't remember) some time ago.
Your guess would be wrong, and Qualys SSLlabs agrees with my assessment. So unless you yourself disabled something you need, there would not be an https connection issue.

Moonchild
Pale Moon guru
Posts: 32007
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: Missing security protocols for a bank login

Unread post by Moonchild » 2021-12-08, 01:35

therube wrote:
2021-12-07, 18:43
It is after you enter a un/pw (bogus data is fine) where you're sent to the page I posted.
Then that would be an arbitrary issue on the server side that the browser can't do anything about, and only the bank can solve.
therube wrote:
2021-12-07, 18:43
And it seems both Bruce & I have been here before ;-), SeaMonkey: M&T Online Banking is temporarily unavailable.
So they fixed Firefox but now broke Pale Moon? XD
Anyway, nothing we can do on this end.

coffeebreak
Moon Magic practitioner
Posts: 2986
Joined: 2015-09-26, 04:51
Location: U.S.

Re: Missing security protocols for a bank login

Unread post by coffeebreak » 2021-12-08, 04:37

vannilla wrote:
2021-12-07, 19:37
Going to the URL linked by OP I'm indeed presented with a screen saying the connection was reset.
I saw this with Native UA mode. However with Firefox Compatibility mode the login form loaded as expected.

(Trying to actually use the form produced the page that therube linked.)

vannilla
Board Warrior
Posts: 1881
Joined: 2018-05-05, 13:29

Re: Missing security protocols for a bank login

Unread post by vannilla » 2021-12-08, 09:29

Well, if it's because of the user agent that would explain it.
I don't change anything security-wise from the default values and always test with eMatrix disabled.

Moonchild
Pale Moon guru
Posts: 32007
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: Missing security protocols for a bank login

Unread post by Moonchild » 2021-12-08, 14:29

coffeebreak wrote:
2021-12-08, 04:37
I saw this with Native UA mode. However with Firefox Compatibility mode the login form loaded as expected.
The defaults are there for a reason. Quite possible they simply cut the connection if they don't recognise the UA.

videobruce
Hobby Astronomer
Posts: 28
Joined: 2019-03-17, 21:57
Location: New York State

Re: Missing security protocols for a bank login

Unread post by videobruce » 2021-12-08, 20:24

Thanks for all here!!!! Wow, I didn't expect this number of responses.

Question; I kinda got lost here with all the replies. I want to call the IT department of this bank but I know damn well what they will tell me; use Chrome Dome which is a four letter word in my book.

The FF v70 (older version I know so I assume the current one would still work) that works I made no changes to any options as far as security goes. I'm using it as is. This FF Compatibility mode is that for PM or FF?

BTW, both browsers are 'Portable' versions if that matters.

videobruce
Hobby Astronomer
Posts: 28
Joined: 2019-03-17, 21:57
Location: New York State

Re: Missing security protocols for a bank login

Unread post by videobruce » 2021-12-08, 20:36

It was 2 1/2 years ago M&T Bank changed protocols or similar that made FF v56 stop working forcing me to upgrade to v70 which I resisted due to the loss of compatibility of legacy extensions. :evil:
Seamonkey v2.48 still doesn't work either. It's just odd an older version FF works. :wtf:

vannilla
Board Warrior
Posts: 1881
Joined: 2018-05-05, 13:29

Re: Missing security protocols for a bank login

Unread post by vannilla » 2021-12-08, 21:15

videobruce wrote:
2021-12-08, 20:24
This FF Compatibility mode is that for PM or FF?
It's for Pale Moon.
Go to Tools -> Preferences -> Advanced -> Compatibility and in the dropdown menu select "Firefox Compatibility".
That should make the login page usable.

videobruce
Hobby Astronomer
Posts: 28
Joined: 2019-03-17, 21:57
Location: New York State

Re: Missing security protocols for a bank login

Unread post by videobruce » 2021-12-08, 22:55

That is the default setting I believe and that was what it was set for.
How about under 'Certificates', anything there of interest?

Ok, how is FF different than PM regarding any of these security functions?

coffeebreak
Moon Magic practitioner
Posts: 2986
Joined: 2015-09-26, 04:51
Location: U.S.

Re: Missing security protocols for a bank login

Unread post by coffeebreak » 2021-12-09, 02:19

videobruce wrote:
2021-12-08, 22:55
That is the default setting I believe and that was what it was set for.
Which do you mean when you say in the opening post: "A specific bank login (M&T Bank) isn't allowing entry"?

1) Does the login page itself not load and show an error message that says "Secure Connection Failed..."?
Or
2) Does the login page itself load, but then logging-in fails?

The advice to use Firefox Compatibility mode was geared to point 1.

Moonchild
Pale Moon guru
Posts: 32007
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: Missing security protocols for a bank login

Unread post by Moonchild » 2021-12-09, 08:18

For Point 2 in coffeebreak's post, see my reply here
i.e. there is no reason on Pale Moon's end why this would fail in terms of "security protocols".

videobruce
Hobby Astronomer
Posts: 28
Joined: 2019-03-17, 21:57
Location: New York State

Re: Missing security protocols for a bank login

Unread post by videobruce » 2021-12-09, 14:37

coffeebreak;
See post two from 'the rube' as to the result of trying to login. The M&T message is bogus (lamo award for a non sensible error message).
It appears to accept the login, but that non sensible page appears. I don't get a typical login error page as 'bad username/password' or similar.
Last edited by videobruce on 2021-12-09, 17:51, edited 1 time in total.

Lucio Chiappetti
Lunatic
Posts: 480
Joined: 2014-09-01, 15:11
Location: Milan Italy

Re: Missing security protocols for a bank login

Unread post by Lucio Chiappetti » 2021-12-09, 15:32

videobruce wrote:
2021-12-09, 14:37
result of tiring to login
I assume you mean "trying" not "getting tired". The misspelling can give rise to some misunderstanding as it seems to have occurred in another thread viewtopic.php?f=3&t=27661#p222181
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)

coffeebreak
Moon Magic practitioner
Posts: 2986
Joined: 2015-09-26, 04:51
Location: U.S.

Re: Missing security protocols for a bank login

Unread post by coffeebreak » 2021-12-09, 16:25

videobruce wrote:
2021-12-09, 14:37
See post two from 'the rube' as to the result of tiring to login.
For how my question was framed, your problem fits under "point 2". ;)


Please see Moonchild's last post, just above yours, plus the post he linked to there, his 3rd post:
Moonchild wrote:
2021-12-08, 01:35
therube wrote:
2021-12-07, 18:43
It is after you enter a un/pw (bogus data is fine) where you're sent to the page I posted.
Then that would be an arbitrary issue on the server side that the browser can't do anything about, and only the bank can solve.
[...]
Anyway, nothing we can do on this end.
@videobruce,
Please contact your bank, because only they can address this.
When you contact them, DESCRIBE what happens so they can picture it accurately (but don't equate guesses about the cause with a description, that can confuse things).

therube
Board Warrior
Posts: 1435
Joined: 2018-06-08, 17:02

Re: Missing security protocols for a bank login

Unread post by therube » 2021-12-09, 17:34

See if the page (form) you initiate the login from makes any difference?

Go here, https://www3.mtb.com/, & click the 'Log In >' button there.
Enter your un/pw.
Does that log you in or are you still redirected to the "error" page?
