{"id":233670,"date":"2026-04-16T04:00:00","date_gmt":"2026-04-16T08:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/16\/server-room-lock-was-nothing-but-a-crock-the-register\/"},"modified":"2026-04-20T23:15:18","modified_gmt":"2026-04-21T03:15:18","slug":"server-room-lock-was-nothing-but-a-crock-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/16\/server-room-lock-was-nothing-but-a-crock-the-register\/","title":{"rendered":"Server-room lock was nothing but a crock \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/16\/pwned_server_room_lock_lol\/\">Server-room lock was nothing but a crock \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/16\/pwned_server_room_lock_lol\/\">https:\/\/www.theregister.com\/2026\/04\/16\/pwned_server_room_lock_lol\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-16 04:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p><span class=\"label\">PWNED<\/span> Welcome back to Pwned, the column where we immortalize the worst vulns that organizations opened up for themselves. If you\u2019re the kind of person who leaves your car doors unlocked with a pile of cash in the center console, this week\u2019s story is for you.<\/p>\n<p>Our tall tech tale of woe comes courtesy of a reader we\u2019ll Regomize as Pete. Pete used to work at a company that handled parking fees and was trying to secure ISO 27001 certification for its security controls.<\/p>\n<p>One vulnerability that showed up as part of the initial security screening was that the server room network was connected to the production datacenter network, so anyone entering that room could get all kinds of access. The solution: put a lock on the server room door.<\/p>\n<p>The lock that Pete\u2019s company bought used two-factor authentication. First, the entrant would have to swipe an ID card. Then, they\u2019d have to enter a four-digit PIN. If someone entered the wrong code, the failed attempt would be logged.<\/p>\n<p>On the day when the auditor was to come to the office, the team performed a final drill, which looked good at first. First, the CTO swiped their pass, entered the correct PIN, and gained access. Then a senior sysop swiped a card, entered the wrong passcode, and was denied entry. A junior sysop repeated the process and was also denied, as expected.<\/p>\n<p>However, the junior sysop then decided to try bashing the buttons on the keypad without swiping a card first. To his surprise, the door unlocked itself. The senior sysop was able to reproduce this unexpected behavior.<\/p>\n<p>Apparently, the problem was that if you entered more than 10 or 11 digits, the lock would become overloaded and open. If you entered the expected four digits and they were wrong or you didn\u2019t swipe a card, the lock would stay closed.<\/p>\n<p>With the inspection due that day, the company was faced&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/04\/16\/pwned_server_room_lock_lol\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Server-room lock was nothing but a crock \u2022 The Register https:\/\/www.theregister.com\/2026\/04\/16\/pwned_server_room_lock_lol\/ Publish Date: 2026-04-16 04:00:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":233671,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2026\/04\/15\/shutterstock_2481485691.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-233670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233670"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233670"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233670\/revisions"}],"predecessor-version":[{"id":233672,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233670\/revisions\/233672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/233671"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=233670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}