Researchers discover ‘extremely easy’ 2FA bypass in Box cloud management software


Box has moved to repair a flaw in its SMSbased multifactor authentication (MFA), just weeks after its interim onetime password (TOTP)based MFA was discovered to be vulnerable as well.

Varonis Threat Labs outlined how well the method could allow an attacker to use stolen information to compromise an organization’s Box account and exfiltrate sensitive data without access to the victim’s phone in a technical blog post.

Read More…