I started looking at the MFA on Command Centre and am baffled, as it is flawed. If my domain account has been compromised, I would be expecting the second factor to be the 2nd line of defence. But no, you can request a new pin that gets sent to your compromised domain account e-mail address. I then looked to see if I can amend my account by adding an external e-mail address, but LDAP pulls this from the domain and it cannot be edited. By editing the e-mail script we can omit the pin, but I think this hasn’t been thought through by Commvault, considering that backups are supposed to be the last line of defence against a cyber attack; the two factor serves only to delay the time it takes for SMTP to deliver a new pin.
Multi Factor Authentication (MFA) Flaw
I understand that PIN generating apps can be used, but is there any option to disable the PIN over email feature in 11.25? I want to ensure that if a user is not using a PIN generating app, they should not receive the PIN over email.
Any new capabilities added in 11.25 for MFA?
Regards, Mohit
Oh, sorry, I misunderstood you before. Looking at the docs, I am not quite sure it is documented or if it is possible. I would recommend opening a case with that request, and if that is not possible today, I'm sure they would provide options to get around that.
Np, a workaround is present to modify the email template, but going through the thread I thought that something new was introduced in the 11.25 release.