Inside Out Security Blog

Threat Update 68 - Box MFA Bypass and the Need for Defense in Depth

Multi-Factor Authentication (MFA) is a critical security control in an increasingly cloud-first world, but like all software, MFA implementations can contain vulnerabilities. The Varonis Threat Research team discovered, and responsibly disclosed, a vulnerability in Box's implementation of MFA that could have allowed an attacker to gain unauthorized access to a Box environment.

Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team use the Varonis threat research as a jumping-off point to discuss cloud defense-in-depth strategy and how layered security controls can help mitigate damage from the next inevitable vulnerability.

To learn more about the MFA bypass threat research, please visit:
https://www.varonis.com/blog/box-mfa-bypass-totp/

Watch Varonis threat researcher Kody Kinzie demonstrate how an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data *without* providing a one-time password.
