Solved

Multi Factor Authentication (MFA) Flaw

3 years ago
May 18, 2021
29 replies
2618 views

+1

Dancer
Bit
3 replies

I started looking at the MFA on Command Centre and baffled as it is flawed. If my domain account has been compromised, I would be expecting the second factor to be the 2nd line of defence. But no, you can request a new pin that gets sent to your compromised domain account e-mail address. I then looked to see if I can amend my account by adding an external e-mail address, but LDAP pulls this from the domain and can not be edited. By editing the e-mail script we can omit the pin, but I think this hasn’t been thought through by Commvault, considering that backups are supposed to be the last line of defence against a cyber attack the two factor serves only to delay the time it takes for SMTP to deliver a new pin.

Best answer by Anand

@dude In other words, yubikey option doesn’t get invoke, when we do SSO. In case of ADFS, yubikey support need to be added in AD. When token comes back to us, user is already marked authenticated. Internally we have tried yubikey with Azure AD setup and it worked fine. Currently we are adding feature to allow local or direct AD user authentication with yubikey.

Editing in FR25 to mark this as the best (and complete) answer.

View original

Did this answer your question?

Show first post

1
2

Page 2 / 2

+15

dude
Byte
320 replies
3 years ago
June 7, 2021

Anand wrote:

@dude In other words, yubikey option doesn’t get invoke, when we do SSO. In case of ADFS, yubikey support need to be added in AD. When token comes back to us, user is already marked authenticated. Internally we have tried yubikey with Azure AD setup and it worked fine. Currently we are adding feature to allow local or direct AD user authentication with yubikey.

@Anand I`m not sure I understand. It is currently not supported but it is coming in future release? do you know when?

+23

Mike Struening
Vaulter
4996 replies
3 years ago
June 7, 2021

@dude , let me know if @Anand ‘s reply satisfied your question :nerd:

https://www.linkedin.com/in/michael-struening

A

+2

Anand
Vaulter
9 replies
Answer
3 years ago
June 7, 2021

@dude In other words, yubikey option doesn’t get invoke, when we do SSO. In case of ADFS, yubikey support need to be added in AD. When token comes back to us, user is already marked authenticated. Internally we have tried yubikey with Azure AD setup and it worked fine. Currently we are adding feature to allow local or direct AD user authentication with yubikey.

Editing in FR25 to mark this as the best (and complete) answer.

+15

dude
Byte
320 replies
3 years ago
June 3, 2021

@Anand any way to get ADFS and allow Yubikeys?

1
2

Page 2 / 2

Multi Factor Authentication (MFA) Flaw

29 replies

Reply

Most helpful members this week

Cookie policy

Cookie settings

Reply

Related topics

Double Authentification par téléphone : la fausse bonne idée ?icon

Enregistrer un paiement facture de venteicon

Double authentification pour accès client

FAQ Forum en Live : Préparer la transition avec l'ouverture de l'annuaire

Absence de réception du SMS nécessaire pour la connexion en double authentificationicon

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings