[the_ad id="12394"]
HomeUpdateIn Box, Varonis uncovered a new vulnerability that escapes multi-factor authentication

In Box, Varonis uncovered a new vulnerability that escapes multi-factor authentication

-

Varonis uncovered a technique to circumvent multifactor authentication for Box users that leverage authenticator applications. An adversary might hijack an organization’s Box account and extract relevant critical data without entering a one-time password, as per Tal Peleg, a senior security expert at Varonis.

Varonis alerted Box about the vulnerability through HackerOne on November 3rd, and the firm has subsequently presented a remedy. Box enabled accounts to leverage TOTP-based authenticator applications including Google Authenticator, Okta Verify, Authy, Duo, and others in January 2021.Box advocates TOTP against SMS-based verification, according to Peleg, for logical purposes: Sms can be collected exploiting SIM switching, port-out scam, and various other methods. He claims,

“Authenticator applications that leverage the TOTP (time-based one-time password) technique are convenient for people as well as considerably reliable over SMS. Typically.”

Riya
Riya is a technology enthusiast and an avid researcher. She writes about consumer tech, hacking, and technology consumer issues at TheDigitalHacker.

Must Read

How a planned gallery uncovered a mother lode of exemplary Slovak...

0
Before the end of last year, the Slovak Design Museum delivered a deciphered assortment of '80s text experiences from the district. The games, frequently...