Solved

Multi Factor Authentication (MFA) Flaw


Badge +1

I started looking at the MFA on Command Centre and baffled as it is flawed. If my domain account has been compromised, I would be expecting the second factor to be the 2nd line of defence. But no, you can request a new pin that gets sent to your compromised domain account e-mail address. I then looked to see if I can amend my account by adding an external e-mail address, but LDAP pulls this from the domain and can not be edited. By editing the e-mail script we can omit the pin, but I think this hasn’t been thought through by Commvault, considering that backups are supposed to be the last line of defence against a cyber attack the two factor serves only to delay the time it takes for SMTP to deliver a new pin.

icon

Best answer by Anand 7 June 2021, 21:32

View original

29 replies

Userlevel 3
Badge +11

@dude :

Already did few months back they don't have any way apart from modifying the email template .

Badge

TFA email can be disabled using this Additional settings. If set at commcell level, it will disable for all the users that belongs to the commcell. 

Name: DisableTFAEmail

Category: CommServDB.Console

Type: Boolean

value: true

 

Userlevel 7
Badge +23

@Mohit Chordia , if you open a support case, share it here and I’ll split your query into its own thread.

Userlevel 3
Badge +11

TFA email can be disabled using this Additional settings. If set at commcell level, it will disable for all the users that belongs to the commcell. 

Name: DisableTFAEmail

Category: CommServDB.Console

Type: Boolean

value: true

 

@Nipa 

Thank you . This is working.

Reply