In Box, Varonis uncovered a new vulnerability that escapes multi-factor authentication

Last Updated on 06/12/2021 by Riya

Varonis uncovered a technique to circumvent multi-factor authentication for Box accounts that use authenticator applications. An adversary could hijack an organization's Box account and extract critical data without entering a one-time password, according to Tal Peleg, a senior security expert at Varonis.

Varonis reported the vulnerability to Box through HackerOne on November 3rd, and the firm has since released a fix. Box enabled accounts to use TOTP-based authenticator applications, including Google Authenticator, Okta Verify, Authy, Duo, and others, in January 2021. Box recommends TOTP over SMS-based verification, according to Peleg, for good reason: SMS messages can be intercepted through SIM swapping, port-out scams, and various other methods. He says,

“Authenticator applications that leverage the TOTP (time-based one-time password) technique are convenient for people as well as considerably more reliable than SMS. Typically.”

Riya
Riya is a technology enthusiast and an avid researcher. She writes about consumer tech, hacking, and technology consumer issues at TheDigitalHacker.