
In Box, Varonis uncovered a new vulnerability that escapes multi-factor authentication


Last Updated on 06/12/2021 by Riya

Varonis has uncovered a technique for bypassing multi-factor authentication on Box accounts that use authenticator applications. According to Tal Peleg, a senior security expert at Varonis, an adversary could hijack an organization’s Box account and extract critical data without entering a one-time password.

Varonis reported the vulnerability to Box through HackerOne on November 3rd, and the firm has since released a fix. Box began allowing accounts to use TOTP-based authenticator applications, including Google Authenticator, Okta Verify, Authy, Duo, and others, in January 2021. According to Peleg, Box recommends TOTP over SMS-based verification for good reason: SMS messages can be intercepted through SIM swapping, port-out fraud, and various other methods. He says:

“Authenticator applications that leverage the TOTP (time-based one-time password) technique are convenient for people as well as considerably more reliable than SMS. Typically.”

Riya
Riya is a technology enthusiast and an avid researcher. She writes about consumer tech, hacking, and technology consumer issues at TheDigitalHacker.