BOOK THIS SPACE FOR AD
ARTICLE AD20. January 2022
This article has been indexed from
CySecurity News – Latest Information Security and Hacking Incidents
According to new research from Varonis, a vulnerability in Box’s implementation of multi-factor authentication (MFA) allows attackers to take over accounts without having access to the victim’s phone. Because of the flaw, which was patched in November 2021, an attacker just needed stolen credentials to get access to a company’s Box account and steal sensitive information if SMS-based MFA was activated. Users without Single Sign-On (SSO) can further secure their accounts using an authenticator app or SMS for second-factor authentication, according to Box, which says that close to 100,000 firms utilize its platform.
How Does SMS Verification Work in Box?
After providing a username and password in Box’s login form, the user is redirected to one of two pages:
When a user attempts to log into a Box account, the platform saves a session cookie and leads to a page where they must enter a time-based one-time password (TOTP) from an authenticator app (at /mfa/verification
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article:
By continuing to use the site, you agree to the use of cookies. more information