A few hours ago I was informed that the Q-CERT team found a critical vulnerability in Dropbox that allows a hacker to bypass the two-factor authentication implemented by the popular file sharing service.
Just a few days ago I spoke of the necessity for SMBs to implement two-factor authentication to improve security for resources and services exposed on the Internet. Major service providers such as LinkedIn, Google and Facebook have already implemented a two-factor authentication process to protect users' accounts from violations and abuse.
The researcher Zouheir Abdallah revealed that an attacker who already knows the victim's credentials (username and password, obtained with a keylogger, through a password shared across sites, because of an easy-to-guess password, etc.) for a Dropbox account that has two-factor authentication enabled is able to hack that account by following the described procedure.