Varonis uncovers a new vulnerability in Box that bypasses multi-factor authentication



Last Updated on 06/12/2021 by Riya

Varonis uncovered a technique for bypassing multi-factor authentication on Box accounts that use authenticator applications. According to Tal Peleg, a senior security expert at Varonis, an adversary could hijack an organization’s Box account and extract critical data without entering a one-time password.

Varonis reported the vulnerability to Box through HackerOne on November 3rd, and Box has since released a fix. In January 2021, Box began allowing accounts to use TOTP-based authenticator applications, including Google Authenticator, Okta Verify, Authy, Duo, and others. According to Peleg, Box recommends TOTP over SMS-based verification for good reason: SMS messages can be intercepted through SIM swapping, port-out fraud, and various other methods. He says:

“Authenticator applications that leverage the TOTP (time-based one-time password) technique are convenient for people as well as considerably more reliable than SMS. Typically.”

Riya is a technology enthusiast and an avid researcher. She writes about consumer tech, hacking, and technology consumer issues at TheDigitalHacker.