Solved

Multi Factor Authentication (MFA) Flaw

2 years ago
18 May 2021
29 replies
2385 views

Dancer
Bit
3 replies

I started looking at the MFA on Command Centre and baffled as it is flawed. If my domain account has been compromised, I would be expecting the second factor to be the 2nd line of defence. But no, you can request a new pin that gets sent to your compromised domain account e-mail address. I then looked to see if I can amend my account by adding an external e-mail address, but LDAP pulls this from the domain and can not be edited. By editing the e-mail script we can omit the pin, but I think this hasn’t been thought through by Commvault, considering that backups are supposed to be the last line of defence against a cyber attack the two factor serves only to delay the time it takes for SMTP to deliver a new pin.

icon

Best answer by Anand 7 June 2021, 21:32

View original

Show first post Hide first post

29 replies

Page 2 / 2

Userlevel 3

+11

@dude

I understand that PIN generating apps can be used but is there any option to disable PIN over email feature in 11.25 . I want to ensure that if a user is not using PIN generating app should not receive the PIN over email.

Any new capabilities added in 11.25 for MFA ?

Regards, Mohit

+15

dude
Byte
278 replies
2 years ago
9 December 2021

@dude

I want to ensure that if a user is not using PIN generating app should not receive the PIN over email.

Any new capabilities added in 11.25 for MFA ?

Regards, Mohit

Ohh sorry I misundertood you before. Looking at the docs, I am not quite sure it is documentated or if it is possible. I would recommened opening a case with that request and if that is not possible today, I`m sure they would provide options to get around that.